AOH :: HP Unsorted P :: B06-1103.HTM

Path disclosure and arbitrary file read vulnerability in slab5000
Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000
Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000

SLAB500 is a complete, dynamic, modular web-system designed to your specifications, allowing you to quickly and conveniently update all your content, add new pages, upload images, sounds and video from any browser, via our front-end interface from any location that you have web access.
-- taken from they website -- 

I discover 2 bugs one known as "path disclosure" and Arbitrary File Read Vulnerability in the SLAB5000 Content Management System that allow malicious attacker to read sensitive information about the system.

[Path Disclosure]
Due to improper sanity checks in the variable $page: 

Warning: main(/usr/www/users/username/slab500/common/../../../var/index.php): failed to open stream: No such file or directory in /usr/www/users/usernameb/slab500/folder/index.php on line 63

[File Read]

Due to imporper sanity inputs checks too, just adding the NULL byte and the end of the file: 

Edit the source to do sanity input checks as well.

Sorry if my english is bad :)

irc: #nt at Undernet
shoutz: warcold, KrOsS, HoOH, lsdx, jsz, and all the guyz from DO.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to