lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 6 Jun 2006 00:01:17 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Partial Links v1.2.2 Partial Links v1.2.2 Homepage: http://www.particlesoft.net/particlelinks/ Effected files: index.php page_footer.php admin.php Exploits & Vulnerabilities: Possible directory traversal?: http://www.example.com/Other_Sites/X_%2526_Y/../../../../../etc/passwd/ SQL Injection: http://www.example.com/index.php?topic=' Full path disclosure via page_footer.php: http://www.example.com/includes/page_footer.php Fatal error: Call to a member function on a non-object in /home/username/public_html/links/includes/page_footer.php on line 3 ((It should be notedpage_header.php gives full path errors too)) The input form box to login as admin can be spoofed to remove the max char limit allowed and the input data isn't properally sanatized before being generated dynamically too. For proof of concept try entering the following in the username box: >'';!--"<XSS><img src=lol.jpg>=&{()}<