[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060725223525.11870.qmail@securityfocus.com>
Date: 25 Jul 2006 22:35:25 -0000
From: dicomdk@...il.com
To: bugtraq@...urityfocus.com
Subject: Full Path Disclosure xGuestBook v1.02
###################Dicomdk####################
Full Path Disclosure xGuestBook v1.02 #
#
http://xatrix.xa.funpic.de/xguestbook2/ #
#
By : X-boy #
##############################################
http://[HOST]/post.php
Test : http://xatrix.xa.funpic.de/xguestbook2/post.php
Result :
========
Notice: Undefined index: user in [site]\post.php on line 15
Notice: Undefined index: mail in [site]\post.php on line 16
Notice: Undefined index: p in [site]\post.php on line 17
Notice: Undefined index: url in [site]\post.php on line 19
##############################################
Patch : #
##############################################
-Open post.php
-Find :
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
-Change to :
if (isset($_POST['user']) AND isset($_POST['mail']) AND isset($_POST['p']) AND isset($_POST['url']))
{
$user = HTMLSPECIALCHARS(trim($_POST['user']));
$email = HTMLSPECIALCHARS(trim($_POST['mail']));
$post = nl2br(HTMLSPECIALCHARS($_POST['p']));
$post = str_replace(" "," ",$post);
$url = HTMLSPECIALCHARS(trim($_POST['url']));
$date = date("Y-m-d g:i:s");
}
##############################################
Powered by blists - more mailing lists