Arab Portal

ABDUCTER_MINDS_at_YAHOO.COM
Date: 08/01/05

    Date: 1 Aug 2005 10:10:35 -0000
    To: bugtraq@securityfocus.com
    
    
    Class: Input Validation Error
    Remote: Yes
    Local: Yes
    Credit: ABDUCTER [ABDUCTER_MINDS@YAHOO.COM] oR [ABDUCTER_MINDS76@HOTMAIL.COM]
    Vulnerable: Arab Portal v2.0 beta 2
    ***************************************

    Discussion: Arab Portal is a powerful nuke designed by Arab programmers. You
    can find its source at http://www.arabportal.net
    The bug is in admin.php, in this part of the file:

     </tr>
            <tr>
            <td align=center width=100 ><font size=2><b>&#1575;&#1604;&#1605;&#1593;&#1585;&#1601;</b></font> </td>
            <td><input type=text size=20 name=user_name value=""></td>
            </tr>
            <tr>
            <td align= center width= 100 ><font size=2><b>&#1603;&#1604;&#1605;&#1577; &#1575;&#1604;&#1605;&#1585;&#1608;&#1585;</b></font></td>
            <td><b><input type=password size=20 name=user_pass value=""></b></td>
            </tr>
    As we see, they limit the size of user and pass to 20.
    If you enter a pass or user of more than 20 numbers or letters, it causes an error
    that gives you full information about the path, like this:
    Fatal error: Call to undefined function: errmsg() in /home/****/public_html/admin/aclass/admin_func.php on line 81

    ***************************************

    exploit :- http://www.victim.com/forum/admin/index.php

    ***************************************
    CREDITS :- FOR ALL ARAB {EGYPT}
               WWW.S4A.CC
               TO MY LOVE (N0N0)
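
A mitigation for the path disclosure reported above, as an added example that is not Arab Portal code or part of the original post: enforce the field length on the server and keep PHP fatal errors out of the response. Only the field names user_name and user_pass come from the quoted form; MAX_FIELD_LEN, valid_login_field() and handle_login() are hypothetical names.

```php
<?php
// Added example, not Arab Portal code. Field names user_name / user_pass come
// from the form quoted in the advisory; everything else is hypothetical.

// Production error policy: log errors server-side, never render them to the
// client, so a fatal error cannot reveal the installation path.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Fatal errors (such as a call to an undefined function) bypass
// set_error_handler(), so catch them at shutdown and send a generic reply.
register_shutdown_function(function (): void {
    $err = error_get_last();
    $fatal = [E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR];
    if ($err !== null && in_array($err['type'], $fatal, true)) {
        if (!headers_sent()) {
            http_response_code(500);
        }
        echo 'Internal error.'; // no file name, no line number
    }
});

const MAX_FIELD_LEN = 20; // assumption: same limit the form's size=20 suggests

// Server-side check: size=20 on an <input> only sets the display width of
// the box; the browser (or any HTTP client) can still send a longer value.
function valid_login_field($value): bool
{
    return is_string($value)
        && $value !== ''
        && strlen($value) <= MAX_FIELD_LEN;
}

function handle_login(array $post): string
{
    $user = $post['user_name'] ?? null;
    $pass = $post['user_pass'] ?? null;
    if (!valid_login_field($user) || !valid_login_field($pass)) {
        // Same generic message for every rejection; details go to the log.
        error_log('login rejected: field missing or over length limit');
        return 'Invalid user name or password.';
    }
    return 'ok'; // hypothetical: credential check would happen here
}

// Constructed sample input: a 21-character user name is rejected cleanly.
echo handle_login(['user_name' => str_repeat('A', 21), 'user_pass' => 'x']), "\n";
```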

