AlstraSoft Web Host Directory v1.2 Homepage: http://www.alstrasoft.com/ ((It should be noted too that the demo for this script is on a different domain which also sells a WebHost Directory which looks to be the same product/company called HyperStop WebHost Directory 1.2. Both scripts seem to be the same)) Effected files: Login form of script. Search form of script. Review form of script. ------------------------------------------ Exploits & Vulns: Inserting html codes in the login form such as:produces the following full path error: Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/username/public_html/ demo/webhost/include/login.php on line 6 --------------------------- URL Injection of the search url reveals SQL Query error: Example: http://www.example.com/demo/webhost/search/?uri=' Unknown column 'p.' in 'where clause' [SELECT COUNT(*) FROM `hsl_plan` p LEFT JOIN `hsl_host` h ON p.hid=h.hid WHERE p.status=1 AND p.``=''] -------------------------- Input data isn't filtered in the write a review box. This in turn can cause a XSS. For proof of concept, just try puttingin as the review text and then login in as the admin and view your review. Reviews have an option to be auto approved too.TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2024 AOH