Vulnerability Note VU#338956
DOMIT! RSS testing_domitrss.php discloses local files
A vulnerability in DOMIT! RSS allows an attacker to read local files.
DOMIT! RSS is an RSS parser for PHP. DOMIT! RSS includes a test script called testing_domitrss.php. This script fetches the contents of any user-supplied URL and writes them to a local file whose name is the MD5 hash of the URL (e.g., md5 -s [string]). The script does not validate the user-supplied URL, so an attacker can supply any string as input, including a local file path such as /etc/passwd, and then retrieve the written file by its predictable name.
DOMIT! RSS Parser is included as a component in other software packages, notably trixbox and SugarCRM. Reports indicate scanning activity for vulnerable trixbox installations.
An unauthenticated remote attacker could read any file accessible to the user executing testing_domitrss.php (typically the web server process).
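The following is an added example, not code from DOMIT! RSS, showing how a fetch-and-cache script like the one described above can be hardened: the user-supplied value is accepted only if it is an absolute http(s) URL, and the fetched data is stored under an unpredictable name outside the web root rather than under md5($url). Function names, the cache directory and the file name scheme are assumptions for the example.

```php
<?php
// Added example (hypothetical names), not DOMIT! RSS code.

// Accept only an absolute http or https URL. Plain paths (/etc/passwd),
// file://, php://, data:// and similar inputs are refused.
function safe_feed_url(string $input): ?string {
    // Reject anything that is not a syntactically valid absolute URL.
    if (filter_var($input, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($input);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    // Allow-list remote web schemes only; never trust the scheme the caller chose.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $input;
}

// Fetch a validated feed and cache it under a random name outside the
// web root, so a requester cannot compute the cache file name from the URL
// and cannot fetch the cached content through the web server.
function fetch_feed_to_cache(string $input, string $cacheDir): ?string {
    $url = safe_feed_url($input);
    if ($url === null) {
        return null; // invalid or disallowed input: write nothing
    }
    // Short timeout; do not follow redirects, so the fetched location stays
    // the one that was validated.
    $ctx = stream_context_create([
        'http' => ['timeout' => 5, 'follow_location' => 0],
    ]);
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        return null;
    }
    // 128-bit random file name instead of md5($url); $cacheDir is assumed
    // to be a directory the web server cannot serve.
    $path = rtrim($cacheDir, '/') . '/' . bin2hex(random_bytes(16)) . '.xml';
    if (file_put_contents($path, $body, LOCK_EX) === false) {
        return null;
    }
    return $path;
}

// Example checks (constructed inputs):
var_dump(safe_feed_url('/etc/passwd'));                  // NULL
var_dump(safe_feed_url('file:///etc/passwd'));           // NULL
var_dump(safe_feed_url('https://example.org/feed.xml')); // string
```

A test script of this kind should in any case not be deployed on a production installation; the hardening above limits the damage if it is.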
Vendor Information
Any software that uses DOMIT! RSS may be affected, not only trixbox and SugarCRM.
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Fonality | Affected | 15 Jul 2009 | 11 Jan 2013 |
| SugarCRM | Affected | - | 11 Jan 2013 |
| trixbox | Affected | 15 Jul 2009 | 11 Jan 2013 |
This document was written by Art Manion.
- CVE IDs: Unknown
- Date Public: 04 Feb 2009
- Date First Published: 11 Jan 2013
- Date Last Updated: 11 Jan 2013
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.