OSVDB ID: 17713

Title: Quick & Dirty PHPSource Printer source.php Traversal Arbitrary File Access

Info

Disclosure

Jul 03, 2005

Discovery

Jul 03, 2005

Dates

Exploit

Jul 03, 2005

Solution

Unknown

Description

Quick & Dirty PHP Source Printer contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the source.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'file' variable.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
OSVDB: Web Related

Solution

Upgrade to version 1.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Kaf Oseo	Quick & Dirty PHP Source Printer	1.0
		1.1
		1.1.1

References

Security Tracker: 1014376
Secunia Advisory ID: 15900
CVE ID: 2005-2169 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0049.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0061.html
Vendor URL: http://guff.szub.net/quick-dirty-phpsource-printer/

Credit

Seth Alan Woolley - sethtautology.org -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Kaf Oseo

Quick & Dirty PHP Source Printer

References

Credit