WEBGENEius GOOP Gallery 'download.php'目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1193272 漏洞类型 路径遍历
发布时间 2006-10-10 更新时间 2006-10-23
CVE编号 CVE-2006-5188 CNNVD-ID CNNVD-200610-110
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://cxsecurity.com/issue/WLB-2006100063
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-110
|漏洞详情
webGENEiusGOOPGallery2.0.2的download.php中存在目录遍历漏洞,远程攻击者可以通过未明变量从某些文件或目录中读取或罗列数据。
|漏洞EXP
Armorize Technologies Security Advisory

Advisory No:
Armorize-ADV-2006-0004

Status:
Partial

Date:
2006/10/04

Bugtraq No.:
N/A

Summary:
Armorize-ADV-2006-0004 discloses a special case of directory traversal vulnerability found in Goop Gallery, which is is a directory based photo gallery and does not require database installation. All you have to do is upload your images with GOOP Gallery, set a hand full of configuration variables, and you've got a picture gallery. GOOP Gallery dynamically resizes images to sizes you specify. No need to spend hours making thumbnails or writing code for every picture, GOOP Gallery will do that for you. The configuration file allows you to adjust almost every aspect of your gallery. GOOP Gallery 2.0 allows you to set multiple ways for viewing your images and let's vistors set their own preference.

Affected Software:
Goop Gallery 2.0.2

Vulnerability Description:
Directory Traversal

Analysis/Impact:
Allows malicious users to access restricted directories and/or view data outside the normal scope which may lead to information theft and invasion of privacy.

Detection/Exploit(partial):
http://www.example.com/[PATH]/download.php

Protection/Solution:
1. Escape every questionable user input.
2. Add sanitization functions before passing parameters to sensitive functions.

Credit: Security Team at Armorize Technologies, Inc. (security (at) armorize (dot) com [email concealed])

Additional Information:
Link to this Armorize advisory
http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0004

Links to all Armorize advisories
http://www.armorize.com/advisory/

Links to Armorize vulnerability database
http://www.armorize.com/resources/vulnerability.php

Armorize Technologies is a software security company focused on Web application security. Our source code analysis tools provide Web application security that transcends firewalls, intrusion detection systems (IDSs), and all other signature-based security devices. Armorize's main product, CodeSecure, uses award-winning and patent-pending source code verification technology to identify vulnerabilities in Web applications during the earliest stage of the software development lifecycle.

Papers on source code analysis technology from our founding team have won awards at two consecutive International World Wide Web Conferences. The latest version of CodeSecure addresses current market gaps in Web security products by helping Web developers detect vulnerabilities and choose from rapidly generated solutions. The company is headquartered in Santa Clara, California with its R&D center in Taipei, Taiwan. Find out more at http://www.armorize.com.
|参考资料

来源:BID
名称:20331
链接:http://www.securityfocus.com/bid/20331
来源:BUGTRAQ
名称:20061017Re:DirectoryTraversalVulnerabilityinGoopGallery2.0.2
链接:http://www.securityfocus.com/archive/1/archive/1/448946/100/0/threaded
来源:BUGTRAQ
名称:20061011DirectoryTraversalVulnerabilityinGoopGallery2.0.2
链接:http://www.securityfocus.com/archive/1/archive/1/448258/100/100/threaded
来源:BUGTRAQ
名称:20061004DirectoryTraversalVulnerabilityinGoopGallery2.0.2
链接:http://www.securityfocus.com/archive/1/archive/1/447647/100/0/threaded
来源:MISC
链接:http://www.armorize.com/resources/vulnerability.php?Keyword=Armorize-ADV-2006-0004
来源:SECTRACK
名称:1016983
链接:http://securitytracker.com/id?1016983
来源:SECUNIA
名称:22258
链接:http://secunia.com/advisories/22258
来源:XF
名称:goopgallery-download-directory-traversal(29339)
链接:http://xforce.iss.net/xforce/xfdb/29339
来源:SREASON
名称:1698
链接:http://securityreason.com/securityalert/1698