Date: Thu, 25 Jun 2009 17:29:04 -0300
From: JP <j07ap3@...il.com>
To: bugtraq@...urityfocus.com
Subject: Report vulnerabilities

Hi,

Here are the vulnerability descriptions and POCs:
#################################

I write to report three vulnerabilities that I found in the latest version 
of Aardvark Topsites PHP (5.2.1) and older versions.

The cause of all of them is the incorrect verification of input parameters.


Here are the vulnerabilities:
==================

HTML Injection (up to 5.2.0)
--------------------------

For example, it is possible to inject a link to any URL with any anchor text.

POC: 
/index.php?a=search&q=psstt+security”><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security 



Information Disclosure 1 (up to 5.2.1)
--------------------------

Disclosure of the full path of the application sources when you put a 
negative number in the 'start' parameter.

POC: /index.php?a=search&q=psstt&start=-4


Information Disclosure 2 (up to 5.2.0)
--------------------------

Disclosure of the full path of the application sources, and some source code 
too, when you put a non-existent user in the 'u' parameter.

POC: /index.php?a=rate&u=nonexistentuser
==================

I created a page with the details and possible updates at: 
http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/ 



Feel free to ask me any questions about this to properly report these 
vulnerabilities.

Google Dork: "Powered by Aardvark Topsites PHP 5.2.0"
(or 5.2.1 for the last version)

#################################

Thanks,
José Pablo González / J07AP3
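Added example, not Aardvark Topsites PHP's own code: a hypothetical PHP handler for the same `a`, `q`, `start` and `u` parameters that applies the input checks whose absence the report describes (a non-negative integer `start`, an HTML-encoded `q`, a generic 404 for an unknown `u`) and keeps PHP warnings, which carry absolute paths, out of the response. `getDatabase()` and the `sites` table are assumed stand-ins for the application's own connection and schema.

```php
<?php
// Illustrative hardened handler, added here; not Aardvark Topsites PHP's code.
declare(strict_types=1);

// PHP warnings and notices embed absolute file paths. Log them, never display them.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Search term: encode it so  x"><a href=...>  is rendered as literal text.
function sanitizeSearchQuery(string $q): string
{
    return htmlspecialchars($q, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Pagination offset: accept only a non-negative integer string, snap it to a
// page boundary and cap it, so a value such as -4 never reaches a SQL LIMIT.
function sanitizeStart($start, int $pageSize = 20, int $max = 100000): int
{
    if (!is_string($start) || !ctype_digit($start)) {
        return 0;
    }
    $n = intdiv((int) $start, $pageSize) * $pageSize;
    return min($n, $max);
}

// Username lookup with a prepared statement; null means "unknown user".
function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM sites WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Dispatch on the 'a' parameter, as in the report's URLs. getDatabase() is a
// hypothetical helper standing in for the application's PDO connection.
$action = $_GET['a'] ?? 'index';
if ($action === 'search') {
    $q     = sanitizeSearchQuery((string) ($_GET['q'] ?? ''));
    $start = sanitizeStart($_GET['start'] ?? '0');
    echo "<p>Results for <strong>{$q}</strong> starting at row {$start}</p>";
} elseif ($action === 'rate') {
    $user = findUser(getDatabase(), (string) ($_GET['u'] ?? ''));
    if ($user === null) {
        http_response_code(404);                 // generic response: no path
        exit('<p>That site is not listed.</p>'); // and no source code in the body
    }
    echo '<p>Rating ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8') . '</p>';
}
```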

