TUCoPS :: Web BBS :: etc :: phpaxss.txt

PHP Arena XSS



[INTRO]



Some of you may be familiar with Pafiledb provided by

PHP arena. Well they just released a new version that

fixed a problem with their counting of files. Along

with that they said they fixed a possible security bug

involving using Javascript as a search string. I

checked it on my old version and it is infact there, so

I updated to the new version so the bugs can be fixed

and I checked it and it no longer works. I figured

where there is one there are bound to be others so I

went searching.



[Discovery]



I discoverd that there are three other XSS

vulnerabilities within the software wich can be

performed by editing the URL of three different sections.



AFFECTED:



* Rate File

* Email to Friend

* Download



UNAFFECTED:



* Stats



[Exploit]



http://ersatz.n3t.net/downloads/pafiledb.php?action=rate&id=4?"<script>alert('Testing')</script>"

http://ersatz.n3t.net/downloads/pafiledb.php?action=email&id=4?"<script>alert('Testing')</script>"

http://ersatz.n3t.net/downloads/pafiledb.php?action=download&id=4?"<script>alert('Testing')</script>"



I discovered this by clicking at first the link to

email to a friend and then removed everything out of

the URL after &id=4 and added

?<script>alert('Testing')</script>" and just as i

expected it worked. I moved on to email to a friend the

same way and it worked and then I proceded to make the

change

action=download&id=4?"<script>alert('Testing')</script>"

and again it worked. I then decided to check stats and

to my surprise there it did not work.



[END]



I have not contacted php arena as of yet but i am about

to, hopefully since they fixed it in the search feild

all they should have to do is release the code or apply

it themselves and then come out with an update. Wich

shouldnt take long. I hope



Another XSS vulnerability provided by ersatz

ersatz@n3t.net

http://ersatz.n3t.net  :: A nice place to chill out and

learn something new




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH