| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 25 Jul 2006 22:35:25 -0000
From: dicomdk@...il.com
To: bugtraq@...urityfocus.com
Subject: Full Path Disclosure xGuestBook v1.02
###################Dicomdk####################
Full Path Disclosure xGuestBook v1.02 #
#
http://xatrix.xa.funpic.de/xguestbook2/ #
#
By : X-boy #
##############################################
http://[HOST]/post.php
Test : http://xatrix.xa.funpic.de/xguestbook2/post.php
Result :
========
Notice: Undefined index: user in [site]\post.php on line 15
Notice: Undefined index: mail in [site]\post.php on line 16
Notice: Undefined index: p in [site]\post.php on line 17
Notice: Undefined index: url in [site]\post.php on line 19
##############################################
Patch : #
##############################################
-Open post.php
-Find :
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
-Change to :
if (isset($_POST['user']) AND isset($_POST['mail']) AND isset($_POST['p']) AND isset($_POST['url']))
{
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
}
##############################################
Powered by blists - more mailing lists