Message-ID: <20050728051312.24628.qmail@securityfocus.com>
Date: 28 Jul 2005 05:13:12 -0000
From: thegreatone2176@...oo.com
To: bugtraq@...urityfocus.com
Subject: Website Baker Project Multiple Vulnerabilities


----------------------------------------------------------
Website Baker Project Multiple Vulnerabilities
----------------------------------------------------------

Vulnerabilities
---------------

1) admin/media/browse.php

The "dir" parameter is vulnerable to XSS. The script also blocks ../, but if a non-existent directory is chosen the script still tries to read it, and the resulting PHP error discloses the server path.

2) 25 instances of path disclosure when a file is accessed directly. There are too many to list, so I will just leave them out.

3) In admin/media, users are allowed to upload media for their site. This area is supposed to be for pictures and maybe songs, but the final extension is not checked, so PHP files can be uploaded and then executed on the server. Even though it is in the admin directory, regular users can use this feature if the admin allows it, so site admins should be aware of this.

Solutions
---------

1) Check that the directory exists before trying to read from it, and return a generic error instead of the PHP warning. Strip tags from the variable (or, better, HTML-escape it on output) to stop the XSS.

2) Check whether the file is being accessed directly and, if it is, have the script die before it executes anything.

3) Edit the source code to allow only a fixed list of safe extensions for uploads, so that server-side scripts cannot be uploaded and run on the server.
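The three fixes above, as one added example in PHP. This is not Website Baker code; it is illustrative, and it assumes PHP 7 or later, a hypothetical APP_LOADED constant that the site's front controller defines before including admin scripts, and a media directory at the assumed path /var/www/site/media. Beyond the advisory's wording it also rejects symlink escapes and multi-extension names such as shell.php.jpg, which some Apache handler configurations still execute as PHP.

```php
<?php
// Added example, not Website Baker's own code. APP_LOADED, MEDIA_ROOT and the
// on-disk path are assumptions for the sake of illustration.

// Fix 2: direct-access guard. The page that legitimately includes this file
// defines APP_LOADED first; a browser hitting the file directly gets a plain
// 403 and exits before any code that could emit a path-revealing notice runs.
if (!defined('APP_LOADED')) {
    header('HTTP/1.0 403 Forbidden');
    exit('Direct access not allowed');
}

define('MEDIA_ROOT', realpath('/var/www/site/media'));  // assumed location

// Fix 1, part a: resolve the user-supplied "dir" safely. realpath() returns
// false for a directory that does not exist, so opendir() is never called on a
// bad path (no warning, hence no path disclosure). The prefix check catches
// ../ sequences and symlinks that point outside the media tree, which a plain
// string filter for "../" does not.
function resolve_media_dir(string $dir): ?string
{
    $dir  = str_replace("\0", '', $dir);             // null bytes break realpath()
    $path = realpath(MEDIA_ROOT . '/' . $dir);
    if ($path === false || !is_dir($path)) {
        return null;
    }
    if ($path !== MEDIA_ROOT
        && strpos($path, MEDIA_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        return null;                                  // escaped the media root
    }
    return $path;
}

// Fix 1, part b: escape the value when it is echoed. htmlspecialchars() is
// preferred over strip_tags(): strip_tags() removes <script> but leaves
// attribute-context payloads (onmouseover=...) intact, while escaping
// neutralises every HTML context.
function display_dir(string $dir): string
{
    return htmlspecialchars($dir, ENT_QUOTES, 'UTF-8');
}

// Fix 3: allowlist the final extension AND reject script extensions anywhere
// in the name. "shell.php.jpg" ends in a permitted extension, but Apache's
// AddHandler-style configuration can still hand it to the PHP interpreter.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'gif', 'png', 'mp3', 'ogg'];
const SCRIPT_EXTENSIONS  = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar'];

function upload_allowed(string $filename): bool
{
    $parts = explode('.', strtolower(basename($filename)));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;                                 // no extension, or dotfile
    }
    $extensions = array_slice($parts, 1);             // every extension segment
    foreach ($extensions as $ext) {
        if (in_array($ext, SCRIPT_EXTENSIONS, true)) {
            return false;                             // script extension anywhere
        }
    }
    return in_array(end($extensions), ALLOWED_EXTENSIONS, true);
}

// Usage in the browse/upload script.
$requested = $_GET['dir'] ?? '';
$path = resolve_media_dir($requested);
if ($path === null) {
    exit('Unknown directory');                        // generic, no path echoed
}
echo 'Browsing: ' . display_dir($requested);

if (!empty($_FILES['upload']['name'])) {
    $name = basename($_FILES['upload']['name']);
    if (!upload_allowed($name)) {
        exit('File type not permitted');
    }
    move_uploaded_file($_FILES['upload']['tmp_name'], $path . '/' . $name);
}
```

With these checks, a request with dir=../../etc returns "Unknown directory" rather than a warning containing the absolute path, dir="<script>" is rendered as literal text, and a file named shell.php or shell.php.jpg is refused before it ever reaches the media directory. Serving the media directory with PHP execution disabled (for example, no PHP handler under that path) is a worthwhile second layer in case a future bypass slips past the name check.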

Credit
------

thegreatone2176
