Web Application Security » Advisories http://websec.id3as.com Application and network security research and other interesting things... Thu, 24 Mar 2011 20:17:13 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Aardvark Topsites PHP 5.2.1 security vulnerabilities disclosure http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/ http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/#comments Wed, 01 Apr 2009 23:27:39 +0000 admin http://websec.id3as.com/?p=3 Some months ago, working in a site with Aardvark Topsites PHP application, I found a couple of information disclosure vulnerabilities and an HTML injection(Cross-site scripting) vulnerability.

.

Now I have some time and after some emails with the application developer I decided to report it and publish here.

.

There are easy to fix bugs and I hope that helps to improve this application security.

.

All of them are caused by lack of input verification and sanitization.

.

Affected versions: 5.2.1 and older

Publishing disclosure date: April 2009

.

Exploit details:

.

.

HTML Injection / XSS

(up to version 5.2.0)
For example, is possible to inject a link to any URL with any anchor text.

POC: /index.php?a=search&q=psstt+security”><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security

.

Information Disclosure 1

(up to version 5.2.1)
Disclosure of full path of the application sources when you put a negative number at the ‘start’ parameter.

POC: /index.php?a=search&q=psstt&start=-4

.

Information Disclosure 2

(up to version 5.2.0)
Disclosure of full path of the application sources and some source code too when you put an non-existent user at ‘u’ parameter.

POC: /index.php?a=rate&u=nonexistentuser

.

]]> http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/feed/ 1