exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

prb-advisory-02-2007.txt

prb-advisory-02-2007.txt
Posted Feb 13, 2007
Authored by Sebastian Wolfgarten | Site devtarget.org

PHP RRD Browser versions below 0.2.1 suffer from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary, php
SHA-256 | 28ed47f78f884651caee9b78a4633b35de6589214231d8d99dc0548005a1ef66

prb-advisory-02-2007.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I - TITLE

Security advisory: Arbitrary file disclosure vulnerability in
php rrd browser (prb)

II - SUMMARY

Description: Arbitrary file disclosure vulnerability in
php rrd browser < 0.2.1

Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com),
http://www.devtarget.org

Date: February 11th, 2007

Severity: Medium

References: http://www.devtarget.org/prb-advisory-02-2007.txt

III - OVERVIEW

Quote from sourceforge.net: "Prb stands for php rrd browser, inspired by
rrdbrowse and cacti. A modular framework for creating rrd databases,
updating and graphing data, based on apache, php, mysql and rrdtool. It
will allow you to graph just about anything you like". More information
about the product can be found online at http://prb.sourceforge.net.

IV - DETAILS

Due to inproper input validation, the web application "php rrd browser"
(versions <0.2.1) is vulnerable to an arbitrary file disclosure
vulnerability. It allows an unauthenticated remote attacker to read any
file on the remote system if the user the webserver is running as has
permissions to do so. Thus an attacker is able to gain access
potentially sensitive information.

V - EXPLOIT CODE

The vulnerability is trivial to exploit and only requires specifying an
URL with a relative file path on the remote system such as

http://$target/prb/www/?p=../../../../../../../etc/passwd

As the input to the "p" parameter is not validated in any way accessing
this URL will expose the contents of /etc/passwd to a remote attacker.

VI - WORKAROUND/FIX

To address this problem, the author of prb (Guillaume Fontaine) has
released an updated version (0.2.1) of the software which is available
at http://prb.sourceforge.net. Hence all users of prb are asked to test
and install this version as soon as possible.

VII - DISCLOSURE TIMELINE

07. February 2007 - Notified vendor
10. Feburary 2007 - Patch released
11. February 2007 - Public disclosure
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFz0H9d8QFWG1Rza8RAncSAJwMe7l768sWSruW8xsHHexUD1vTYwCgoSnA
xP1J4Bg/qIlNr//YkVbPMhY=
=i7Q0
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    21 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close