Bug: Destiney Rated Images Script v0.5.0 - XSS Vulnv ( Ascii Version )

Search:
WLB2

Destiney Rated Images Script v0.5.0 - XSS Vulnv

Published
Credit
Risk
2006.05.24
luny youfucktard com
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2006-2533
CVE-2006-2532
No
Yes

Destiney Rated Images Script v0.5.0

Homepage:

http://destiney.com/scripts

Description:

Destiney Rated Images script is continuation of the free phpRated script. Rated Images is a web application written in

PHP for use with MySQL. Rated Images allows visitors to your site to list their pictures and have them rated by other
members who may visit. Rated Images allows visitors to send other members private messages, as well as leavecomments.
Members may rate other members on a scale of 1-10. Members may also participate in the mix/match section. Viewing and
reviewing members can be accomplished a number of ways, and many options are available to encourage member interaction.

Effected Files:

addWeblog.php

leaveCommentReply.php

stats.php

------

stats.php Exploit:

SQL Injection of stats.php leads to full path disclosures.

Example:

http://www.example.com/stats.php?s=SELECT SUM( rating )FROM ds_image_ratings WHERE created ='x'

Notice: Undefined variable: scriptName in /home/destiney/domains/ratedsite.com/public_html/stats.php on line 624

Notice: Undefined variable: alt in /home/destiney/domains/ratedsite.com/public_html/stats.php(640) : eval()'d code on
line 4

Notice: Undefined variable: desc in /home/destiney/domains/ratedsite.com/public_html/stats.php(640) : eval()'d code on
line 8

-----

addWeblog.php Exploit:

The input box for addweblog.php and leaveComments.php allows ceritan HTML tags include the <div> tag.

The comment reply input boxes not allow ceritan html tags, one being the <div> tag A user can add java script to
the div tag and commit a XSS.

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version