Info

Disclosure

Dec 07, 2004

Discovery

Unknown

Dates

Exploit

Dec 07, 2004

Solution

Unknown

Description

WebLibs contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the weblibs.pl script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the TextArea variable (which is a hidden <INPUT> field in the form).

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Darryl C. Burgdorf

WebLibs

1.00

References

Security Tracker: 1012451
Bugtraq ID: 11848
Secunia Advisory ID: 13400
ISS X-Force ID: 18399
CVE ID: 2004-1221 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0046.html
Vendor URL: http://awsd.com/

Credit

John Bissell A.K.A. HighT1mes - monkey321_1hotmail.com -

Direct URL: http://osvdb.org/36218