Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Website Baker Project Multiple Vulnerabilities

from [thegreatone2176] Network Security [Permanent Link]
Subject: Website Baker Project Multiple Vulnerabilities
Date: 28 Jul 2005 05:13:12 -0000 
----------------------------------------------------------
Website Baker Project Multiple Vulnerabilities
----------------------------------------------------------

Vulnerabilities
---------------

1) admin/media/browse.php

The "dir" parameter is vulnerable to xss. Also the script blocks ../ but if a 
non-existant 

directory is chosen the script tries to read it and the error gives path 
disclosure.

2) 25 accounts of path disclosure when a file is directly accessed. There is 
too many too list so 

I will just leave them out.

3) In admin/media users are allowed to upload media for their site. This area 
is supposed to be 

for picture and maybe songs, but the final extension is not checked and php 
files are able to be 

uploaded and executed on the server. Even though its in the admin directory 
regular users can use 

this feauture if the admin allows it, so site admins should be aware of this.

Solutions
---------

1) Check to see if the directory exists before trying to read from it. Strip 
tags from the 

variable to stop the xss.

2) Check to see if a file is directly accessed and if it is have the script die.

3) Edit the source code to disallow file extensions that could lead to 
malicious scripts being 

run on the server.

Credit
------

thegreatone2176
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Website Baker Project Multiple Vulnerabilities, thegreatone2176 <=
Previous by Date:  Re: eBay phishing - phishers are getting better, [at]
Next by Date:  [Full-disclosure] [FLSA-2005:163559] Updated php packages fix security issues, Marc Deslauriers
Previous by Thread:  Cross Site Scripting vulnerabilities in GForge, Joxean Koret
Next by Thread:  [Full-disclosure] [FLSA-2005:163559] Updated php packages fix security issues, Marc Deslauriers
Indexes:  [Date] [Thread] [Top] [All Lists]