Category:   Application (Generic)  >   Man Page Lookup
Vendors:   Collington, Andrew
Man Page Lookup $cmd Input Validation Flaw Discloses Files to Remote Users
SecurityTracker Alert ID:  1008689
SecurityTracker URL:
CVE Reference:   CVE-2004-0071
Updated:  Jan 20 2004
Original Entry Date:  Jan 13 2004
Impact:   Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Man Page Lookup. A remote user can view files on the system with the privileges of the target web service.

It is reported that the 'class.manpagelookup.php' script does not properly validate user-supplied input. A remote user can supply an absolute path as the filename to view that file. A demonstration exploit URL is provided:


The flaw reportedly resides in the buildManPage() function.
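
An added illustration of the kind of check whose absence is described above, not code from class.manpagelookup.php or from the vendor's fix. The resolveManPage() helper, the MAN_ROOT location, the directory layout and the sample inputs are all assumptions constructed for this example.

```php
<?php
// Added illustration; NOT the code of class.manpagelookup.php.
// Assumption: pages live under MAN_ROOT as man<section>/<name>.<section>[.gz].
const MAN_ROOT = '/usr/share/man';

/**
 * Resolve a user-supplied command name to a man page file inside MAN_ROOT.
 * Returns the canonical path, or null if the input is rejected or not found.
 */
function resolveManPage(string $cmd, string $section = '1'): ?string
{
    // Allow-list: plain page names only. Rejects '/', '..' paths, NUL bytes
    // and names starting with '-' or '.'.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.+-]{0,63}\z/', $cmd)) {
        return null;
    }
    if (!preg_match('/\A[1-9][a-z]{0,3}\z/', $section)) {
        return null;
    }

    $root = realpath(MAN_ROOT);
    if ($root === false) {
        return null;
    }

    foreach (['', '.gz'] as $ext) {
        $candidate = "$root/man{$section[0]}/$cmd.$section$ext";
        $real = realpath($candidate); // resolves symlinks and any '..'
        // Containment check: the canonical path must still be under the root,
        // so a symlink pointing outside MAN_ROOT is refused as well.
        if ($real !== false && is_file($real)
            && strncmp($real, $root . '/', strlen($root) + 1) === 0) {
            return $real;
        }
    }
    return null;
}

// Constructed inputs: one normal lookup, then values that an unfiltered
// $cmd would have handed directly to a file open.
foreach (['ls', '/etc/passwd', '../../../etc/passwd', "ls\0.php"] as $input) {
    $path = resolveManPage($input);
    printf("%-28s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES), $path ?? 'rejected');
}
```

The allow-list alone stops absolute and relative paths; the realpath() comparison is a second layer that still holds if the name pattern is later loosened.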

Impact:   A remote user can view files on the target system with the privileges of the web server process.
Solution:   The vendor reportedly issued a fix on January 2, 2004, available at:

Vendor URL:
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  PHP Manpage lookup directory transversal / file disclosing

Hi ppl,

_Manpage Lookup_ is a PHP class that helps you to build a "manpage"
frontend in php. It is powered by Andy (

The script _class.manpagelookup.php_ was vulnerable to a directory
traversal bug (because of lacks in input validation) that could lead
to disclose any readable (by the httpd process id) files on the remote

The problem was located in the function buildManPage(), the $cmd
variable was not filtered enough and the path of any file to open could
be given across the user input.

Exploiting this issue was easy:

The vulnerability has now been fixed by Andy. All people who are running
this script should upgrade asap (

Best regards,


