发布时间 :2005-06-09 00:00:00
修订时间 :2008-09-05 16:50:20

[原文]Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter.

[CNNVD]YaPiG 'Upload.PHP' 目录遍历漏洞(CNNVD-200506-063)

        YaPiG 0.92b0.93u和0.94u版本程序的upload.php脚本中的(1)rmdir指令或 (2)mkdir指令存在目录遍历漏洞,远程攻击者可借助dir参数中的".."(参数中包含'..')创建或删除任意目录。

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  13877

- 漏洞信息

YaPiG 'Upload.PHP' 目录遍历漏洞
中危 路径遍历
2005-06-09 00:00:00 2005-10-20 00:00:00
        YaPiG 0.92b0.93u和0.94u版本程序的upload.php脚本中的(1)rmdir指令或 (2)mkdir指令存在目录遍历漏洞,远程攻击者可借助dir参数中的".."(参数中包含'..')创建或删除任意目录。

- 公告与补丁


- 漏洞信息

YaPiG upload.php dir Variable Arbitrary Directory Manipulation
Local Access Required, Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

YaPiG contains a flaw that allows an authenticated user to create and delete arbitrary directories outside of the gallery directory. The issue is due to the upload.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the dir variable.

- 时间线

2005-06-04 2005-05-29
2005-06-04 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

YaPiG Upload.PHP Directory Traversal Vulnerability
Input Validation Error 13877
Yes No
2005-06-06 12:00:00 2009-07-12 02:56:00
This vulnerability was discovered by an anonymous person. SecWatch reported this vulnerability.

- 受影响的程序版本

YaPiG YaPig 0.94 u
YaPiG YaPig 0.93 u
YaPiG YaPig 0.92 b

- 漏洞讨论

YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An authorized user can add and delete arbitrary directories outside of the gallery directory by supplying directory traversal strings '../' to the vulnerable parameter. Exploitation of this vulnerability could lead to a loss of integrity and possibly loss of availability.

This issue is reported to affect YaPiG versions 0.92b, 0.93u and 0.94u; earlier versions may also be affected.

- 漏洞利用

No exploit is required.

The following proof of concept URI are available:
Arbitrary Directory Removal:

Arbitrary Directory Creation:

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考