——-Summary——
Software: Olate Download
Software’s Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Patched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: Low
——Description—–
Olate Download is prone to directory traversal in its Uploads folder.
Directory traversal is usually not an important security bug to report, but it is in a special folder like Uploads. Directory traversal bugs are normally unimportant because web applications have a more or less fixed file structure, and everyone already knows which file sits in which folder of a given piece of software. It becomes a vulnerability when it helps a hacker learn more about the target, and especially when it lets him download files he was not supposed to reach. Olate’s logic intends that the download link for a file only be obtained through the program’s own output. But any file uploaded to the server (e.g. by users, if the admin has allowed that) is available for download directly from the Uploads folder, and a user does not have to obtain the download link through the site. In fact, every uploaded file is available for download.
——-Exploit——–
/uploads/
——-Solution——-
Place an empty file named index.htm in the mentioned folder, or update to 3.4.3.
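As an added example (not the advisory’s or Olate’s own code), a small Python check a site owner can run on the body their web server returns for /uploads/, to confirm that the folder no longer serves an auto-generated listing after the fix; the sample responses below are constructed.

```python
"""Detect a server-generated directory listing (Apache mod_autoindex, nginx
autoindex, IIS directory browsing) and extract the file names it exposes.
Note: an empty index.htm only hides the listing; a file whose exact name is
already known stays downloadable from the folder."""
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample of what a listed /uploads/ folder looks like.
SAMPLE_LISTING = """<html><head><title>Index of /uploads</title></head><body>
<h1>Index of /uploads</h1><pre>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<a href="/">Parent Directory</a>
<a href="private-report.pdf">private-report.pdf</a>
<a href="archive/">archive/</a>
<a href="setup%20notes.txt">setup notes.txt</a>
</pre></body></html>"""

# Constructed sample of the response once an index page is in place.
SAMPLE_FIXED = "<html><head><title>Olate Download</title></head><body></body></html>"

# Title patterns emitted by the common autoindex modules.
_LISTING_TITLE = re.compile(
    r"<title>\s*(Index of|Directory listing for|[^<]* - /)[^<]*</title>", re.I
)


class _LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in the page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def is_directory_listing(body: str) -> bool:
    """True if the body looks like a server-generated folder index."""
    return _LISTING_TITLE.search(body) is not None


def exposed_files(body: str) -> list:
    """File names a listing exposes; skips sort links, parent and sub-folders."""
    if not is_directory_listing(body):
        return []
    collector = _LinkCollector()
    collector.feed(body)
    return [unquote(h) for h in collector.hrefs
            if not (h.startswith("?") or h.startswith("/") or h.endswith("/"))]
```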
——-Credit——–
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com
2 Responses to “Olate Download 3.4.2~uploads folder ~ directory traversal”
ok
Left by mohd.afsar on September 28th, 2007
This issue has been patched in the new version of Olate Download 3.4.3
Left by gburnes on October 8th, 2007