KorWeblog prior 1.6.2 directory listing 1.0
 
Plugin ID: 278
Plugin name: KorWeblog prior 1.6.2 directory listing
Plugin filename: KorWeblog prior 1.6.2 directory listing.plugin
Plugin filesize: 3457 bytes
Plugin family: CGI
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2004/11/28
Plugin version: 1.0
Plugin protocol: tcp
Plugin port: 80
Plugin procedure detection: open|send GET /index.php HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *Powered by <A HREF=.*KorWeblog 1.[0-5].#* OR HTTP/#.# 200 *Powered by <A HREF=.*KorWeblog 1.6.[0-2]*
Plugin procedure exploit: open|send GET /viewimg.php?path=images.d/face/../../../../../../../&form=Co HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *
Plugin detection accuracy: 80
Plugin exploit accuracy: 90
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug published name: Jeremy Bae
Bug published email: advisory at stgsecurity dot com
Bug published web: http://www.stgsecurity.com
Bug published company: STG Security
Bug published date: 2004/11/24
Bug advisory: http://www.securityfocus.com/archive/1/382135
Bug produced web: http://weblog.kldp.org
Bug affected: KorWeblog prior 1.6.2
Bug not affected: KorWeblog newer than 1.6.2 and other solutions
Bug vulnerability class: Directory Traversal
Bug description: The remote host is using KorWeblog, a web-based log application written in PHP. A vulnerability exists in the remote version of this product which may allow a remote attacker to disclose directory listings. Such information disclosure could help the attacker in further attacks.
Bug solution: The software should be deactivated or uninstalled if it is not needed. Upgrade to the latest version of KorWeblog, at least to 1.6.2. To make the server harder to find, the daemon could be configured to listen on another port (e.g. 8081). Try to prevent unwanted connection attempts by filtering traffic with a firewall.
Bug fixing time: Approx. 1 hour
Bug exploit availability: Yes
Bug exploit url: http://www.securityfocus.com/bid/11744/exploit/
Bug remote: Yes
Bug local: Yes
Bug severity: Medium
Bug popularity: 3
Bug simplicity: 6
Bug impact: 8
Bug risk: 5
Bug Nessus risk: Medium
Bug check tools: Nessus is able to do the same check.
Source SecurityFocus BID: 11744
Source Nessus ID: 15829
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://kldp.net/tracker/index.php?func=detail&aid=300515&group_id=13&atid=300013

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.