Open Source and information security mailing list archives
Date: 14 Jan 2006 18:55:25 -0000
From: king_purba@...oo.co.uk
To: bugtraq@...urityfocus.com
Subject: FullPath disclosure in Xaraya 1.0.1


Author : Ph03n1X
http://student.te.ugm.ac.id/~phoenix03

Software description:
Xaraya v1.0.1
http://xaraya.com

PoC:
1. http://site.xxx/xaraya/xaraya-1.0.1/html/includes/xarTemplate.php
Call to undefined function: xarcoregetvardirpath() in /usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarTemplate.php on line 54
Vulnerable code:
define('XAR_TPL_CACHE_DIR',xarCoreGetVarDirPath() . '/cache/templates');
Fix:
Make sure the file that defines xarCoreGetVarDirPath() is loaded before this line is reached.

2. http://site.xxx/xaraya/xaraya-1.0.1/html/includes/xarCore.php
Warning: main(includes/xarPreCore.php): failed to open stream: No such file or directory in /usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarCore.php on line 104
Warning: main(): Failed opening 'includes/xarPreCore.php' for inclusion (include_path='.:/usr/lib/php') in /usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarCore.php on line 104

Vulnerable code:
include_once('includes/xarPreCore.php');
Fix:
include_once('xarPreCore.php');

Many other files in the includes/ directory behave the same way when requested directly.
Turning on log_errors and turning off display_errors in php.ini can also be used to fix this security issue, since the path only leaks because the PHP error message is rendered into the HTTP response.
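The following is an added example, not code from the advisory or from Xaraya, showing how the top of a library file under includes/ can be written so that a direct request never reaches the failing line. It assumes a marker constant XAR_ENTRY_OK that the application's front controller (index.php) defines before including anything; that constant name and the log path are assumptions made for this example.

```php
<?php
// Added example (not Xaraya code): hardened head of a file under includes/.
// XAR_ENTRY_OK is an assumed marker constant defined by the front controller.

// Layer 1: refuse to run when requested on its own. A direct request skips the
// front controller, so helpers such as xarCoreGetVarDirPath() were never
// loaded; without this check the resulting fatal error carries the absolute
// path of this file into the response body.
if (!defined('XAR_ENTRY_OK')) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// Layer 2: locate sibling includes relative to this file rather than to the
// current working directory. 'includes/xarPreCore.php' only resolves when the
// script that started the request lives one directory above includes/;
// dirname(__FILE__) works from any entry point (and on PHP versions of the era).
include_once(dirname(__FILE__) . '/xarPreCore.php');

// Layer 3: belongs in php.ini rather than here, shown at runtime for contrast.
// Weak configuration that produces the disclosure:  display_errors = On, log_errors = Off
// Hardened configuration:                           display_errors = Off, log_errors = On
ini_set('display_errors', '0');                          // nothing to the browser
ini_set('log_errors', '1');                              // keep it for the admin
ini_set('error_log', '/var/log/php/xaraya-errors.log');  // assumed path

// Original line from the advisory, now only reached via the front controller.
define('XAR_TPL_CACHE_DIR', xarCoreGetVarDirPath() . '/cache/templates');
```

Layer 1 is the one that matters for this class of bug: it stops the include file from executing at all outside the intended load order, so the fatal error that carried the filesystem path cannot occur. Layers 2 and 3 are the two fixes the advisory itself proposes, kept together so the relationship between the relative include path and the current working directory is visible.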
