Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Fa Name version 1.0 Path Disclosure Vulnerability
From: securityresearch <securityresearch () netvigilance com>
Date: Mon, 30 Jun 2008 16:33:59 -0400

netVigilance Security Advisory #41

Fa Name version 1.0 Path Disclosure Vulnerability
Description:
Fa Name 
(http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html) 
is useful portal (CMS) for .name websites. You can have a simple portal 
but useful one for you domain names and by using this portal you can 
show your complete information like photo, identification, projects and 
history to the others.
Successful exploitation requires PHP magic_quotes_gpc set to Off in 
php.ini file on the server. (Default for magic_quotes_gpc is On)
External References:
Mitre CVE: CVE-2007-3651 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3651
NVD NIST: CVE-2007-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3651
OSVDB:

Summary:
Fa Name is useful portal (CMS) for .name websites.
Security problems in the product allow attackers to gather the true path 
of the server-side script.

Advisory URL:
http://www.netvigilance.com/advisory0041

Release Date: June 30th 2008

CVSS Version 2 Metrics:

Base Metrics:
Exploitability Metrics:
Access Vector: Network
Access Complexity: Medium
Authentication: None
Impact Metrics:
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Temporal Metrics:
Exploitability: Functional
Remediation Level: Workaround
Report Confidence: Uncorroborated

CVSS Version 2 Vectors:

Base Vector: “AV:N/AC:M/Au:N/C:P/I:N/A:N”
Temporal Vector: “E:F/RL:W/RC:UR”


CVSS Version 2 Scores:

Base Score: 4.3
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Temporal Score: 3.7
SecureScout Testcase ID: TC 17971

Vulnerable Systems:
Fa Name version 1.0

Vulnerability Type:
Program flaws – The product scripts have flaws which lead to Warnings or 
even Fatal Errors.
Vendor:
FaScript

Vendor Status:
The Vendor has been notified
Workaround:
Disable warning messages: modify in the php.ini file following line: 
display_errors = Off or/and in the php.ini file set magic_quotes_gpc = On.

Example:
Path Disclosure Vulnerability
REQUEST:
http://[TARGET]/[FANAME-DIRECTORY]/class/page.php?id=&apos;;
REPLY:
...<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid 
MySQL result resource in <b>[SERVER 
PATH][FANAME-DIRECTORY]\class\page.php</b> on line <b>6</b><br />...

Credits:
Jesper Jurcenoks
Co-founder netVigilance, Inc
www.netvigilance.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Fa Name version 1.0 Path Disclosure Vulnerability securityresearch (Jun 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault