Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  b2ePMS 1.0 Authentication Bypass Vulnerability

  Liferay users can assign themselves to organizations, leading to possible privilege escalation

  Liferay 6.1 json webservices are subject to cross-site request forgery attacks

  Liferay 6.1 can be compromised without having an account on the portal

From:YGN Ethical Hacker Group <lists_(at)_yehg.net>
Date:3 июня 2012 г.
Subject:Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access

1. OVERVIEW

Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Path Traversal.


2. BACKGROUND

Acuity CMS is a powerful but simple, extremely easy to use, low
priced, easy to deploy content management system. It is a leader in
its price and feature class.


3. VULNERABILITY DESCRIPTION

The issue is due to the script, /admin/file_manager/browse.asp, not
properly sanitizing user input, specifically directory traversal style
attacks (e.g., ../../) supplied via the 'path' parameter. It would
allow the attacker to access arbitrary files outside of web root
directory.


4. VERSIONS AFFECTED

Tested with version 2.6.2.


5. PROOF-OF-CONCEPT/EXPLOIT

http://localhost/admin/file_manager/browse.asp?field=&form=&path=../../


6. SOLUTION

The Acunity CMS is no longer in active development.
It is recommended to user another CMS in active development and support.


7. VENDOR

The Collective
http://www.thecollective.com.au/


8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2012-05-20: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/%5Bacuity_cms2.6%20x_(asp)%
5D_path_traversal

#yehg [2012-05-20]

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород