Bug: [eVuln] TinyPHPForum Multiple Vulnerabilities ( Ascii Version )

Search:
WLB2

[eVuln] TinyPHPForum Multiple Vulnerabilities

Published
Credit
Risk
2006.01.07
alex evuln com
Low
CWE
CVE
Local
Remote
N/A
CVE-2006-0102
CVE-2006-0103
CVE-2006-0104
No
Yes

New eVuln Advisory:
TinyPHPForum Multiple Vulnerabilities

--------------------Summary----------------

Software: TinyPHPForum
Sowtware's Web Site: http://www.ralpharama.co.uk/tpf/
Versions: 3.6 and earlier
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Published: 2006.01.05
eVuln ID: EV0014

-----------------Description--------------
1. Arbitrary script execution is possible when posting a link.
Condition: visitor needs to click this link

2. Registered users information disclosure.
users dir isn't hidden by .htaccess in default installation.

3. Directory Traversal is possible. (creating new user, new topic, viewing user's profile)

--------------Exploit---------------------
1. Arbitrary script execution. Example:
[a]javascript:alert("hello")[/a]

2. Users information disclosure:
http://host/tpf/users/anyuser.hash
http://host/tpf/users/anyuser.email

3. Directory Traversal Example:
Registering new user.
username: http://host/tpf/profile.php?action=view&uname=../../username

--------------Solution---------------------
No Patch available.

--------------Credit---------------------
Original Advisory:
http://evuln.com/vulns/14/summary.html

Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version