0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

cPassMan v1.82 Arbitrary File Download

Author

Sense of Security

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

Sense of Security - Security Advisory - SOS-11-004
 
Release Date.                  15-Apr-2011
Last Update.                   -
Vendor Notification Date.      7-Mar-2011
Product.                       Collaborative Passwords Manager (cPassMan)
Platform.                      Independent (PHP)
Affected versions.             1.82 (verified), and possibly others
Severity Rating.               Medium
Impact.                        Local file system access
Attack Vector.                 Remote without authentication
Solution Status.               Upgrade to v2.0, v1.x branch no longer
updated
CVE reference.                 Not yet assigned
 
Details.
A vulnerability has been discovered in the Collaborative Passwords Manager
(cPassMan) web application that can be exploited to retrieve files from the
local host file system. The input passed to the component
"sources/downloadfile.php" via the "path" variable allows the retrieval of
any
file on the local file system that the web server has access to. There is no
data validation or authorisation mechanisms present within this component.
 
Proof of Concept.
http://localhost/cpassman/sources/downloadfile.php?path=/etc/passwd
 
Solution.
The author (Nils Laumaille) has indicated that the v1.x branch of cPassMan
will no longer be updated, as he has rewritten the application and v2.0 is
now
the recommended release.
 
Discovered by.
Kaan Kivilcim - Sense of Security Labs.



#  0day.today [2024-12-27]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

cPassMan v1.82 Arbitrary File Download

Report Error

Report Error