Aardvark Topsites PHP 5.2.1 security vulnerabilities disclosure
Posted by admin in Advisories, Vulnerabilities on April 1st, 2009
Some months ago, while working on a site running the Aardvark Topsites PHP application, I found a couple of information disclosure vulnerabilities and an HTML injection (cross-site scripting) vulnerability.
Now that I have some time, and after some emails with the application developer, I decided to report them and publish them here.
These are easy-to-fix bugs, and I hope this helps to improve the security of this application.
All of them are caused by a lack of input verification and sanitization.
Affected versions: 5.2.1 and older
Publishing disclosure date: April 2009
Exploit details:
HTML Injection / XSS
(up to version 5.2.0)
For example, it is possible to inject a link to any URL with any anchor text, because the search term is echoed into the page unescaped.
POC: /index.php?a=search&q=psstt+security"><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security
Information Disclosure 1
(up to version 5.2.1)
Disclosure of the full filesystem path of the application sources when a negative number is passed in the 'start' parameter.
POC: /index.php?a=search&q=psstt&start=-4
Information Disclosure 2
(up to version 5.2.0)
Disclosure of the full filesystem path of the application sources, and some source code too, when a non-existent user is passed in the 'u' parameter.
POC: /index.php?a=rate&u=nonexistentuser
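All three issues share one root cause, so one fix pattern covers them. The following PHP script is an added example written for this post; it is not Aardvark Topsites code and the function names, the in-memory user map and the default inputs are constructed stand-ins (it assumes PHP 7.1 or newer). It shows the three request parameters from the PoCs above being escaped, range-checked and looked up in a way that cannot produce injected markup or a PHP notice carrying a file path:

```php
<?php
// Added example (not Aardvark Topsites code): hardened handling of the three
// request parameters named in the advisory. Function and variable names are
// hypothetical; the real application's code is not reproduced here.

declare(strict_types=1);

// Never let PHP print notices or warnings (which include full file paths) to
// the visitor; log them server-side instead. This alone closes the path leak
// even if a bug is missed elsewhere.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * HTML-escape a user-supplied string before echoing it into a page.
 * ENT_QUOTES also escapes single quotes, so the value is safe inside an
 * attribute delimited by either quote character.
 */
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate the paging offset: must be a non-negative integer, otherwise 0.
 * FILTER_VALIDATE_INT with min_range rejects "-4", "abc", "1e3" and so on.
 */
function sanitize_start($raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? 0 : $n;
}

/**
 * Look up a user by the 'u' parameter in a constructed map standing in for
 * the database. Returns null for unknown users; the caller handles null
 * explicitly instead of letting a notice fire on a missing key or row.
 */
function find_user(string $raw, array $users): ?array
{
    // Restrict the identifier to a conservative character set before lookup.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $raw)) {
        return null;
    }
    return $users[$raw] ?? null;
}

// Constructed sample data; defaults mirror the advisory's PoC inputs so the
// script demonstrates the hardened behaviour when run from the command line.
$users = [
    'alice' => ['id' => 1, 'name' => 'Alice'],
    'bob'   => ['id' => 2, 'name' => 'Bob'],
];
$q     = $_GET['q']     ?? 'psstt security"><a href=http://example.invalid>x';
$start = $_GET['start'] ?? '-4';
$u     = $_GET['u']     ?? 'nonexistentuser';

// Search form: the escaped value cannot close the attribute or open a tag.
echo '<input type="text" name="q" value="' . escape_html($q) . '">' . "\n";

// Paging: a negative or non-numeric offset falls back to 0 rather than
// reaching a query or array slice where it would raise a warning.
$offset = sanitize_start($start);
echo "offset={$offset}\n";

// Rating: an unknown user gets a generic message, not a PHP notice.
$user = find_user($u, $users);
if ($user === null) {
    http_response_code(404);
    echo "No such user.\n";
} else {
    echo 'Rating ' . escape_html($user['name']) . "\n";
}
```

Run it with `php hardened.php` to see the three defaults handled; in a real deployment the `display_errors` setting belongs in php.ini rather than in application code, and the user lookup would hit the database with a parameterised query instead of the constructed array.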