Land Down Under plug.php 信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195168 漏洞类型 未知
发布时间 2006-04-29 更新时间 2006-04-29
CVE编号 CVE-2006-2096 CNNVD-ID CNNVD-200604-560
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/87674
https://cxsecurity.com/issue/WLB-2006050011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-560
|漏洞详情
LandDownUnder(LDU)802及早期版本中的plug.php允许远程攻击者借助于无效的(1)month或(2)year参数获取敏感信息,所述参数载错误信息中泄露了路径。
|漏洞EXP
Land Down Under 802 and below version  Path Disclosure Vulnerability

#-----------------------------------------------------------------------
--------------------------------------------------------

#Aria-Security.net Advisory

#Discovered  by:R@1D3N (amin emami)

#date:21/04/2006

#original advisory:http://www.aria-security.net/advisory/ldu/ldu.txt

#<AminRayden (at) yahoo (dot) com [email concealed]>

#special thanks  to:A.u.r.a  & O.u.t.l.a.w & Smok3r & behzad & majid and all Persian Security team

#-----------------------------------------------------------------------
---------------------------------------------------------'

? Affected software description:

LDU <= 802 and below version (Land Down Under)

Vendor: http://www.neocrome.net

? information:

A vulnerability in LDU allow attackers to determine the physical path of the application.

This vulnerability would allow a remote user to determine the full path to the web root directory and other potentially sensitive information.

The attack is performed by submitting a specially crafted HTTP request, such as a request for an invalid month and year

? Proof of Concept:

Path disclosure vulnerability:

http://localhost/plug.php?p=calendar&m=aria-security.net&y=R@1D3N

error:

warning:checkdate() expects parameter 1 to be long

,string given in /home/lothi8196/public_html/plugins/standard/calendar/calendar.php

on line 100

Solution:

There is no solution to the full path disclosure yet.

Advisory (at) Aria-Security (dot) net [email concealed]
|受影响的产品
Neocrome Land Down Under 802 Neocrome Land Down Under 801 Neocrome Land Down Under 800 Neocrome Land Down Under 701 Neocrome Land Down Under 700.05 Neocrome Land Down Und
|参考资料

来源:BUGTRAQ
名称:20060427LandDownUnder802andbelowversionPathDisclosureVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/432235/100/0/threaded
来源:XF
名称:landdownunder-monthyear-path-disclosure(26143)
链接:http://xforce.iss.net/xforce/xfdb/26143
来源:SREASON
名称:814
链接:http://securityreason.com/securityalert/814