Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ByteHoard <= 2.1 multiple vulnerabilities

from [zerogue] Network Security [Permanent Link]
Subject: ByteHoard <= 2.1 multiple vulnerabilities
Date: 23 May 2006 17:54:15 -0000 
ByteHoard <= 2.1 multiple vulnerabilities

Discovered by: Nomenumbra
Date: 23/5/2006
impact:high (file manipulation,privilege escalation,possible defacement)

ByteHoard versions up to 2.1 are prone to multiple vulnerabilities, including 
directory traversal.

[0x00] Directory traversal:

Users are able to upload files to directories of other users, without having 
sufficient rights (even the admin's dir) or
(even worse) overwrite files there:

Steps:

1) log in
2) In your account upload the file you wish to place in the targetdir
3) Place a get request with an url constructed as follows: (just enter it in 
the adresbar and press enter):

http://host/bytehoardpath/index.php?page=copy&filepath=/yourusername/yourfile&infolder=/targetusername/pathtotargetfile/

thus setting the path where the target file gets copied to, allowing you to 
upload and (providing yourfile has the same filename as the target file) 
overwrite files (you now have full access to the file).

[0x01] File description xss:

File descriptions aren't filtered at all, allowing anyone to insert
arbitrary html of javascript code.

Nomenumbra
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • ByteHoard <= 2.1 multiple vulnerabilities, zerogue <=
Previous by Date:  PHP AGTC-Membership system <= v1.1a XSS, zerogue
Next by Date:  Assetman <= 2.4a XSS, zerogue
Previous by Thread:  PHP AGTC-Membership system <= v1.1a XSS, zerogue
Next by Thread:  Assetman <= 2.4a XSS, zerogue
Indexes:  [Date] [Thread] [Top] [All Lists]