pppBLOG randompic.php directory traversal

pppblog-randompic-directory-traversal (26969) The risk level is classified as LowLow Risk

Description:

pppBLOG could allow a remote attacker to traverse directories on the system. If register_globals is enabled, a remote attacker could send a specially-crafted URL request to the randompic.php script containing "dot dot" sequences (/../) in the 'file' array parameter to traverse directories and view arbitrary files on the system.


Consequences:

Obtain Information

Remedy:

Upgrade to the latest version of pppBLOG (0.3.9 or later), available from the pppBLOG Web site. See References.

References:

  • BugTraq Mailing List, Tue May 30 2006 - 16:25:41 CDT : pppBlog <= 0.3.8 administrative credentials/system disclosure.
  • pppBLOG Web site: pppBLOG - a Plain text Photo blog engine in Php.
  • BID-18189: PPPBlog Randompic.PHP Directory Traversal Vulnerability
  • CVE-2006-2770: Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the file array parameter, as demonstrated by file[0].
  • SA20375: pppBLOG "files[0]" Parameter Disclosure of Sensitive Information
  • SECTRACK ID: 1016198: pppBLOG Input Validation Flaw in `randompic.php` Script in the `files` Array Permits Directory Traversal Attacks
  • VUPEN/ADV-2006-2085: pppBLOG files Parameter Handling Remote Directory Traversal Vulnerability

Platforms Affected:

  • Jörg Tiedemann pppBLOG 0.3.8 and prior

Reported:

May 30, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page