SEO Panel 2.1.0: Critical File Disclosure Vulnerability

Users of Seo Panel 2.1.0, please be advised that a critical file disclosure vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Seo Panel-SA-11/09/2010: Seo Panel 2.1.0 – Critical File Disclosure
Info:
A complete open source SEO control panel for managing search engine optimization of your websites.
Seo Panel is an SEO tool kit that includes the latest hot SEO tools to increase and track the performance of your websites.
-:: The Advisory ::-
Seo Panel is prone to critical file disclosure because download.php does not properly sanitize user input passed via the “file” GET parameter.
By using ....// instead of ../ to traverse directories, and by appending a %00 byte to the end of the request, it is possible to load virtually any file that the webserver user has read access to. The PHP function which reads and returns the data from the file is: readfile($var);
Read more at http://www.criticalwatch.com
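The following is an added example, not Seo Panel's code (the advisory does not show download.php). It assumes the weak filter is a single-pass removal of ../, one kind of filter that ....// gets past, and sets it beside a hardened resolver that rejects NUL bytes and only accepts files whose canonical path stays inside the download directory. DOWNLOAD_DIR, weak_filter() and resolve_download() are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example; not taken from Seo Panel. All names here are hypothetical.
const DOWNLOAD_DIR = '/var/www/seopanel/downloads'; // assumed location

// Assumed shape of the weak filter: "../" is removed in one pass, so
// "....//" collapses back into "../" after the inner match is deleted.
function weak_filter(string $file): string
{
    return str_replace('../', '', $file);
}

// Hardened resolver: returns a canonical path inside $baseDir, or null.
function resolve_download(string $file, string $baseDir = DOWNLOAD_DIR): ?string
{
    // Reject NUL bytes outright; old PHP versions truncated paths at %00.
    if ($file === '' || strpos($file, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Canonicalise first, then compare: realpath() resolves ".." and symlinks.
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo tree: one file inside the download dir, one outside it.
$root = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir($root . '/downloads', 0700, true);
file_put_contents($root . '/downloads/report.csv', "ok\n");
file_put_contents($root . '/secret.txt', "outside\n");

foreach (['report.csv', '../secret.txt', '....//secret.txt', "report.csv\0.txt"] as $in) {
    $weak = weak_filter($in);
    $safe = resolve_download($in, $root . '/downloads');
    printf("%-24s weak filter: %-18s hardened: %s\n",
        json_encode($in, JSON_UNESCAPED_SLASHES),
        json_encode($weak, JSON_UNESCAPED_SLASHES),
        $safe === null ? 'rejected' : 'served');
}

// Remove the demo tree.
unlink($root . '/downloads/report.csv'); unlink($root . '/secret.txt');
rmdir($root . '/downloads'); rmdir($root);
```

Pass only the value returned by resolve_download() to readfile(), never the raw request parameter.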
 
