PwsPHP v1.2.2 Final - Multiple vulnerabilities
-----------------------------------------------
VULNERABLE PRODUCT
------------------
Forum: Pwsphp
Version: 1.2.2 Final
Vulnerabilities: Multiple
--------------------------
BACKGROUND
----------
Pws PHP is a PHP portal or CMS (Content Management System).
This portal allows you to create a professional Web site,
protected of A to Z without any preliminary knowledge!
Source: www.pwsphp.com
VULNERABILITIES
---------------
* Cross-Site Scripting / XSS
* SQL Injection
* Full Path Disclosure
* Cookies injection
* Unauthorized File Uploads
* Others ... but not fixed yet.
-----------------------------
#### Pwsphp - Cross-Site Scripting ####
./index.php?mod=news&ac=plus&month=[XSS INJECTION]&annee=[XSS INJECTION]
./index.php?mod=stats&aff=forum&nbractif=[XSS INJECTION]
./index.php?mod=stats&aff=pages&annee=[XSS INJECTION]
./profil.php?id=1%20[XSS INJECTION]
./memberlist.php?mb_lettre=%A4%20[XSS INJECTION]
./memberlist.php?mb1_order=id&mb1_ord=DESC&lettre=[XSS INJECTION]
./index.php?&mod=recherche&choix_recherche=2&chaine_search=[XSS INJECTION]&multi_mots=tous&choix_forum=1&auteur_search=[XSS INJECTION]
#### Pwsphp - Cross-Site Scripting ####
#### Pwsphp - SQL Injection Example ####
./profil.php?id=A
Error -> SELECT * FROM `users` WHERE `users`.`id`=A
#### Pwsphp - SQL Injection Example ####
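Added example (not PwsPHP source code, and not part of the original advisory): the error above shows the id parameter being pasted into the SQL text, so this sketch contrasts that pattern with a validated, bound lookup and escaped output for the same profil.php?id= inputs listed in this advisory. The function names, the "pseudo" column and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not PwsPHP source. Table layout, column "pseudo", function
// names and the in-memory SQLite database are assumptions for illustration.

// Pattern implied by the error message: the id parameter is concatenated
// into the SQL text, so a non-numeric value changes the statement itself.
function build_profile_query_unsafe(string $id): string
{
    return "SELECT * FROM `users` WHERE `users`.`id`=" . $id;
}

// Hardened lookup: accept only decimal digits, then bind as an integer.
function find_profile(PDO $db, string $rawId): ?array
{
    if (!ctype_digit($rawId)) {
        return null; // rejects "A", "1 [XSS INJECTION]" and ""
    }
    $stmt = $db->prepare('SELECT id, pseudo FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape on output so a stored or reflected value cannot become markup.
function render_profile(?array $row): string
{
    if ($row === null) {
        return 'Unknown member'; // generic reply: no query text, no path
    }
    return 'Member: ' . htmlspecialchars($row['pseudo'], ENT_QUOTES, 'UTF-8');
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, pseudo TEXT)');
$db->exec("INSERT INTO users (id, pseudo) VALUES (1, 'member<b>one')");

// Inputs taken from the advisory: a valid id, "A", and the placeholder form.
foreach (['1', 'A', '1 [XSS INJECTION]'] as $id) {
    echo 'unsafe SQL : ', build_profile_query_unsafe($id), PHP_EOL;
    echo 'hardened   : ', render_profile(find_profile($db, $id)), PHP_EOL;
}
```

Returning a generic message on failure also avoids echoing the failed query back to the client, which is what exposed the statement in the error shown above.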
#### Pwsphp - Full Path Disclosure ####
Target: ./modules/admin/
Server reply: Warnings -> Full Path Disclosure /home/www/...
#### Pwsphp - Full Path Disclosure ####
#### Pwsphp - Cookies injection ####
It is possible to "spoof" any identity with a simple cookie injection.
- Cookie named "Pseudo": once it is set, you can post comments.
#### Pwsphp - Cookies injection ####
#### Pwsphp - Unauthorized File Uploads ####
In the Admin panel, you can "Add pictures"; a warning says that only JPG, GIF and PNG
are accepted.
But ... try with SWF or other types: the restrictions aren't enough.
#### Pwsphp - Unauthorized File Uploads ####
VENDOR STATUS
-------------
PwsPHP Team was contacted: 15 April 2005
PwsPHP Team published a fix: 07 May 2005
Our contact was: Emmanuel Bouillon
PwsPHP v1.2.3 is now available: http://www.pwsphp.com/lastissue.php
------------------------------------------------------------------
Just a little thing... never write "Protected of A to Z without any preliminary
knowledge" <- JoKe ?
And finally, a simple small "thanks" on your Web site or just in your ReadMe
file will not take you much time!
CREDiTS
----------------------
SecuBox Labs - fRoGGz
----------------------