OSVDB ID: 27015

Title: phpSysInfo index.php lng Variable Traversal File Existence Enumeration

Info

Disclosure

Apr 04, 2003

Discovery

Unknown

Dates

Exploit

Apr 04, 2003

Solution

Unknown

Description

phpSysInfo contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'lng' variable and null terminated.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

phpSysInfo	phpSysInfo	2.0
		2.5.1
		2.1

References

Security Tracker: 1016440
Bugtraq ID: 18868
CVE ID: 2006-3360 (see also: NVD)
Secunia Advisory ID: 20939
ISS X-Force ID: 27527
VUPEN Advisory: ADV-2006-2668
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html
Vendor URL: http://phpsysinfo.sourceforge.net/

Credit

Micheal Turner - wh1t3h4t3yahoo.co.uk -
Albert Puigsech Galicia - ripe7a69ezine.org - Personal Page

Direct URL: http://osvdb.org/27015