w-Agora multiple .php scripts path disclosure

wagora-multiple-path-disclosure (33174) The risk level is classified as LowLow Risk

Description:

w-Agora could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted URL request to the rss.php, profile.php, or search.php script using multiple parameters to cause an error message to be returned containing the full installation path. An attacker could use this information to launch further attacks against the affected system.

Platforms Affected:

  • Marc Druilhe, w-Agora 4.2.1 and prior

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Obtain Information

References:

  • BugTraq Mailing List, Tue Mar 20 2007 - 11:07:18 CDT , w-agora [multiples file upload,xss,full path disclosure,error sql] at http://archives.neohapsis.com/archives/bugtraq/2007-03/0271.html.
  • w-Agora Web site, w-Agora: web publishing and forum software at http://w-agora.net/en/index.php.
  • BID-23057: W-Agora Multiple Input Validation Vulnerabilities
  • CVE-2007-1605: w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1.
  • SA24605: W-Agora Multiple Vulnerabilities

Reported:

Mar 20, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page