PT-2011-3226 · Douran · Douran Portal

Hurr!C4Ne!

Published

2011-04-05

Updated

2018-10-09

CVE-2011-1569

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Douran Portal version 3.9.7.8

Description The issue allows remote attackers to obtain the source code of arbitrary files under the web root. This can be achieved through the "download.aspx" page by manipulating the FileNameAttach parameter with techniques such as appending a trailing ".", a trailing space, or using mixed case.

Recommendations For Douran Portal version 3.9.7.8, consider restricting access to the "download.aspx" page until a fix is available, and avoid using the FileNameAttach parameter with potentially vulnerable inputs.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2011-1569

Affected Products

Douran Portal

PT-2011-3226 · Douran · Douran Portal

CVE-2011-1569

Weakness Enumeration

Related Identifiers

Affected Products

References · 10