Arbitrary File Disclosure Vulnerability in Quirex
Summary
- Vulnerability: Arbitrary File Disclosure Vulnerability in Quirex
- Discovered: 2006.02.11
- Last Update: 2006.02.21 (Exploitation code published)
- ID: EV0078
- CVE: CVE-2006-0795
- Risk Level: high
- Type: Arbitrary File Disclosure
- Status: Unpatched. No reply from developer(s)
- Vendor: n/a
- Vulnerable Software: Quirex (http://www.teca-scripts.com/)
- Version: 2.0.2 2.0 and earlier
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
An arbitrary file disclosure vulnerability was found in the Quirex (http://www.teca-scripts.com/) script.
Vulnerable Script: convert.cgi
The variables $quiz_head, $quiz_foot and $template are not properly sanitized. This can be used to read arbitrary files.
System access is possible.
PoC/Exploit
File Disclosure Example
Url: http://host/cgi-bin/quirex/convert.cgi
Path to quiz_head.txt: [arbitrary file]
Path to quiz_foot.txt: [arbitrary file]
Output file: [output file]
Solution
A solution for "Arbitrary File Disclosure Vulnerability in Quirex" is not available. Check the vendor's website for updates.
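One way a script such as convert.cgi could constrain the header, footer and template paths, shown as an added example that is not Quirex code or a vendor fix. It assumes the script is written in Perl and that all template files live in a single directory; `safe_template_path` and `read_template` are hypothetical names, and the demo directory and inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Return the canonical path when $name is a plain file name that resolves
# to a regular file inside $base; return undef for anything else.
sub safe_template_path {
    my ($base, $name) = @_;
    return undef unless defined $name;
    # Bare file name only: no separators, no leading dot, no NUL bytes.
    return undef unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.\-]*\z/;

    my $real_base = realpath($base);
    return undef unless defined $real_base;
    my $candidate = File::Spec->catfile($real_base, $name);
    return undef unless -f $candidate;

    # Resolve symlinks, then confirm the result is still under the base.
    my $real = realpath($candidate);
    return undef unless defined $real && index($real, "$real_base/") == 0;
    return $real;
}

sub read_template {
    my ($base, $name) = @_;
    my $path = safe_template_path($base, $name);
    die "rejected template path\n" unless defined $path;
    # Three-argument open treats $path strictly as a file name.
    open(my $fh, '<', $path) or die "cannot open template: $!\n";
    local $/;                      # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed demo: a temporary template directory and sample inputs.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($dir, 'quiz_head.txt')) or die $!;
print {$out} "<h1>Quiz</h1>\n";
close $out;

for my $input ('quiz_head.txt', '../../etc/passwd', '/etc/passwd', 'missing.txt') {
    my $ok = defined safe_template_path($dir, $input);
    printf "%-20s %s\n", $input, $ok ? 'accepted' : 'rejected';
}
```

Only `quiz_head.txt` is accepted here; the containment check runs after symlink resolution, so a link placed inside the template directory that points elsewhere is rejected as well.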