Exploit the possiblities

LandDownUnder.txt

LandDownUnder.txt
Posted Apr 29, 2006
Site Aria-Security.net

Land Down Under 802 and below suffer from a path disclosure vulnerability.

tags | advisory
MD5 | cf438c534aa71ec36ac81b7aaa160cea

LandDownUnder.txt

Change Mirror Download
Land Down Under 802 and below version  Path Disclosure Vulnerability

#-------------------------------------------------------------------------------------------------------------------------------
#Aria-Security.net Advisory
#Discovered by:R@1D3N (amin emami)
#date:21/04/2006
#original advisory:http://www.aria-security.net/advisory/ldu/ldu.txt
#<AminRayden@yahoo.com>
#special thanks to:A.u.r.a & O.u.t.l.a.w & Smok3r & behzad & majid and all Persian Security team
#--------------------------------------------------------------------------------------------------------------------------------'

? Affected software description:
LDU <= 802 and below version (Land Down Under)
Vendor: http://www.neocrome.net



? information:
A vulnerability in LDU allow attackers to determine the physical path of the application.
This vulnerability would allow a remote user to determine the full path to the web root directory and other potentially sensitive information.

The attack is performed by submitting a specially crafted HTTP request, such as a request for an invalid month and year


? Proof of Concept:

Path disclosure vulnerability:
http://localhost/plug.php?p=calendar&m=aria-security.net&y=R@1D3N

error:
warning:checkdate() expects parameter 1 to be long
,string given in /home/lothi8196/public_html/plugins/standard/calendar/calendar.php
on line 100



Solution:
There is no solution to the full path disclosure yet.
Advisory@Aria-Security.net

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    1 Files
  • 22
    Jan 22nd
    15 Files
  • 23
    Jan 23rd
    15 Files
  • 24
    Jan 24th
    5 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close