[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Yourfreeworld.com Short Url & Url Tracker Script

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Yourfreeworld.com Short Url & Url Tracker Script
From: luny@xxxxxxxxxxxxxxx
Date: 19 May 2006 03:45:05 -0000

((This is the second script I've tested from these people. It will be assumed 
for right now  that all of their scripts contain full path disclosure errors as 
well as XSS'ing))

Yourfreeworld.com Short Url & Url Tracker Script

Homepage:

http://www.yourfreeworld.com/script/shorturl.asp

Short Url Service with Url Tracker can be one of the most useful tools for any 
online marketer. 
Most of the online marketers don't want to send emails with URLs that break 
making the recipient have to go through the work of copying and pasting it into 
there browser window.
Most of them don't want to use one program to create a tiny url and than having 
to access another one to track it . 

Effected files:

login.php

Exploit: SQL injection of the file login.php leads to full path disclosures. 
The form you use to submit urls in is not filtered either, so a user can submit 
malicious data like <script> to preform XSS'ing.

Example:

Each action such as reset counter,view, delete etc works to preform the error.

http://www.example.com/shorturl/login.php?mode=resetcounter&id=34'

Prev by Date: [SECURITY] [DSA 1060-1] New kernel-patch-vserver packages fix privilege escalation
Next by Date: [SECURITY] [DSA 1061-1] New popfile packages fix denial of service
Previous by thread: [SECURITY] [DSA 1060-1] New kernel-patch-vserver packages fix privilege escalation
Next by thread: [SECURITY] [DSA 1061-1] New popfile packages fix denial of service
Index(es):
- Date
- Thread