Document Title: =============== Hagebaumarkt CMS - Directory Traversal Vulnerability Release Date: ============= 2011-07-29 Vulnerability Laboratory ID (VL-ID): ==================================== 159 Product & Service Introduction: =============================== Wir sind Ihr Partner in Sachen Bauen, Gestalten und Renovieren. Bei uns bekommen Sie alles, was Sie für Arbeiten in Haus, Wohnung und Garten benötigen: * Hochwertige Materialien * Professionelle Arbeitsgeräte * Kompetente und individuelle Beratung * Antworten auf alle Ihre Fragen und nützliche Tipps Wir helfen Ihnen, Lösungen zu finden – egal für welches Heimwerker-Problem. (Copy of the Vendor Homepage: http://www.hagebaumarkt-bayreuth.de/) Abstract Advisory Information: ============================== Vulnerability-Lab Team discovered a Directory-Traversal Vulnerability on Hagebaumarkt Content Management System. Vulnerability Disclosure Timeline: ================================== 2011-07-29: Public or Non-Public Disclosure Discovery Status: ================= Published Affected Product(s): ==================== Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A Directory-Traversal vulnerability is detected on the Hagebaumarkt Website Content Management System. The vulnerability allows an attacker to request all files on the affected application system. The vulnerability is located in the ;page= parameter of the web-application(CMS). Vulnerable Module(s): [+] ?page= Pictures: ../hgb.png Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers. For demonstration or reproduce ... File: index.php?page= Param: ?page= Directory Traversal - PoC Exploit