lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060521045441.30397.qmail@securityfocus.com>
Date: 21 May 2006 04:54:41 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Destiney Rated Images Script v0.5.0 - XSS Vulnv


Destiney Rated Images Script v0.5.0

Homepage:

http://destiney.com/scripts

Description:

Destiney Rated Images script is continuation of the free phpRated script. Rated Images is a web application written in 

PHP for use with MySQL. Rated Images allows visitors to your site to list their pictures and have them rated by other members who may visit. Rated Images allows visitors to send other members private messages, as well as leavecomments. Members may rate other members on a scale of 1-10. Members may also participate in the mix/match section. Viewing and reviewing members can be accomplished a number of ways, and many options are available to encourage member interaction.

Effected Files:
addWeblog.php
leaveCommentReply.php
stats.php

------

stats.php Exploit:

SQL Injection of stats.php leads to full path disclosures.

Example:
http://www.example.com/stats.php?s=SELECT SUM( rating )FROM ds_image_ratings WHERE created ='x'


Notice: Undefined variable: scriptName in /home/destiney/domains/ratedsite.com/public_html/stats.php on line 624

Notice: Undefined variable: alt in /home/destiney/domains/ratedsite.com/public_html/stats.php(640) : eval()'d code on line 4

Notice: Undefined variable: desc in /home/destiney/domains/ratedsite.com/public_html/stats.php(640) : eval()'d code on line 8

-----

addWeblog.php Exploit: 

The input box for addweblog.php and leaveComments.php allows ceritan HTML tags include the <div> tag.

The comment reply input boxes not allow ceritan html tags, one being the <div> tag A user can add java script to the div tag and commit a XSS. 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ