
docXP 'fid' Parameter Directory Traversal Vulnerability

http://www.securityfocus.com/bid/54411

Security Info

Bugtraq ID: 54411
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Dec 07 2012 12:00AM
Updated: Dec 07 2012 12:00AM
Credit: GoLd_M
Vulnerable:
Not Vulnerable:

Security Discussion

docXP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.

Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

docXP 1.1 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

An attacker can exploit the issue through a browser.

The following example URI is available:

http://www.example.com/show_source.php?fid=../../../../../../../../../../../etc/passwd

Security Solution(s)

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
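With no vendor patch available, requests like the example URI above can at least be found in web server access logs. The following detection sketch is an added example, not part of the original advisory or of docXP; it assumes a combined-format access log, takes the script name `show_source.php` and parameter `fid` from the example URI, and runs on constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Dec/2012:10:00:01 +0000] "GET /show_source.php?fid=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [07/Dec/2012:10:00:05 +0000] "GET /show_source.php?fid=../../../../etc/passwd HTTP/1.1" 200 1873',
    '198.51.100.9 - - [07/Dec/2012:10:00:09 +0000] "GET /show_source.php?fid=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1873',
    '203.0.113.4 - - [07/Dec/2012:10:01:00 +0000] "GET /index.php?page=../about HTTP/1.1" 200 900',
    '203.0.113.4 - - [07/Dec/2012:10:01:02 +0000] "GET /show_source.php?fid=notes..v2.txt HTTP/1.1" 200 400',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply encoded input is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(fid):
    """True if fid, once decoded, has a '..' path segment or is absolute."""
    path = fully_decode(fid).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_traversal_requests(lines, script="/show_source.php", param="fid"):
    """Return (client_ip, normalized_value) for each request to `script`
    whose `param` value is a traversal attempt. Names are assumptions
    taken from the advisory's example URI."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != script:
            continue
        for value in parse_qs(url.query).get(param, []):
            if is_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

if __name__ == "__main__":
    for ip, path in find_traversal_requests(SAMPLE_LOG):
        print(ip, path)
```

Matching on whole path segments rather than the substring `..` keeps a value such as `notes..v2.txt` from being flagged.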

Security Reference(s)

References:


Site Updated May 19, 2013
©2000-2013 Emagined Security
All Rights Reserved
