[NEWS] Black Tie Project System Information and Path Disclosure Vulnerability

From: support@securiteam.com
Date: 03/16/02


From: support@securiteam.com
To: list@securiteam.com
Date: Sat, 16 Mar 2002 12:44:32 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Black Tie Project System Information and Path Disclosure Vulnerability
------------------------------------------------------------------------

SUMMARY

Black Tie Project (BTP) <http://btp.logiciel-fr.com/> is a very modular
portal system with independent modules. It allows you to add and remove a
module, and create and customize your own modules at any time.
BTP is written in French and is coded in PHP. It includes modules for
WAP, articles, comments, mail, news, and more.
A vulnerability exists in BTP, which could allow any remote user to view
the full path to the web root.

DETAILS

Vulnerable systems:
BTP v0.5b, v0.5, v04.b

By submitting a maliciously crafted HTTP request to the site running BTP,
any remote user can reveal the absolute path to the web root and also more
information about the system.

This issue may be exploited by requesting an invalid category ID (cid) in
"categorie.php3".

Example:
http://BTP_site/categorie.php3?cid=blahblah
Where "blahblah" is a non-existing category number.

This would return the web root path in an error message:
"Warning: Unable to jump to row 0 on MySQL result index 2 in
/home/software/a/htdocs/site/examplesite.com/categorie.php3 on line 11"

This information may be used to aid in further "intelligent" attacks
against the host running the vulnerable BTP system.

Vendor response:
The vendor confirmed the vulnerability in the Black Tie Project, and
stated that they will be releasing a new version with better modules and
increased security in a few months.

Workaround:
Add an if/else check to categorie.php3, for example:
if ($requested_cat_number == "") {
    // stop here, before the query result is read
    die ("Categorie number not found!");
}
else {
    // the original script functions
}
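
A fuller version of this check, as an added example that is not part of the original advisory or of BTP's code: it validates cid, confirms a row exists before reading it, and keeps PHP warnings out of the response. It assumes PHP 7.1 or later with PDO, a hypothetical "categories" table with "id" and "title" columns, and an in-memory SQLite database with constructed sample data standing in for BTP's MySQL backend.

```php
<?php
// Added example, not BTP code. Table and column names are assumed.

// Keep PHP warnings (which embed absolute script paths) out of HTTP responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return the category row for a request-supplied cid, or null when the
 * value is not a positive integer or no such category exists.
 */
function find_category(PDO $db, $rawCid): ?array
{
    // Reject anything that is not a plain positive integer ("blahblah", "").
    $cid = filter_var($rawCid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM categories WHERE id = :cid');
    $stmt->execute([':cid' => $cid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false on an empty result set; never read row 0 unchecked.
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO categories (id, title) VALUES (1, 'News')");

// One valid id, the advisory's invalid value, an empty value, a missing id.
foreach (['1', 'blahblah', '', '999'] as $cid) {
    try {
        $category = find_category($db, $cid);
    } catch (PDOException $e) {
        // Driver and query detail stays in the server-side log.
        error_log('categorie lookup failed: ' . $e->getMessage());
        $category = null;
    }
    // Same generic message for every failure: no path, query or driver detail.
    echo $category === null ? "Category not found\n" : "Category: {$category['title']}\n";
}
```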

ADDITIONAL INFORMATION

The information has been provided by Ahmet Sabri ALPER
<mailto:s_alper@hotmail.com>.
