lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 1 Aug 2005 10:10:35 -0000 From: ABDUCTER_MINDS@...OO.COM To: bugtraq@...urityfocus.com Subject: Arab Portal Class: Input Validation Error Remote: Yes Local: Yes Credit: ABDUCTER [ABDUCTER_MINDS@...OO.COM] oR [ABDUCTER_MINDS76@...MAIL.COM] Vulnerable: Arab Portal v2.0 beta 2 *************************************** discussion :- ARAB PORTAL is powerful nuke designed by arabian programmers you can find source of it in http://www.arabportal.net THE bug in admin.php in this file </tr> <tr> <td align=center width=100 ><font size=2><b>المعرف</b></font> </td> <td><input type=text size=20 name=user_name value=""></td> </tr> <tr> <td align= center width= 100 ><font size=2><b>كلمة المرور</b></font></td> <td><b><input type=password size=20 name=user_pass value=""></b></td> </tr> AS WE SEE THEY LIMIT SIZE OF USER AND PASS TO 20 if you entre pass or user more than 20 numbers or letters it will make error give you full information about path as it Fatal error: Call to undefined function: errmsg() in /home/****/public_html/admin/aclass/admin_func.php on line 81 *************************************** exploit :- http://www.victim.com/forum/admin/index.php *************************************** CREDITS :- FOR ALL ARAB {EGYPT} WWW.S4A.CC TO MY LOVE (N0N0)