singapore v0.9.11 cross site scripting and path disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: singapore v0.9.11 cross site scripting and path disclosure
From: thegreatone2176@xxxxxxxxx
Date: 12 Jun 2005 21:16:24 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Because of singapores heavy use of classes it has multiple path disclosure 
occurences. The following pages all produced class related errors when 
navigating directly to them in your browser.

gallery/includes/admin.class.php
templates/admin_default/ all the .tpl.php files
templates/default/ all the the .tpl.php files

Also the gallery $_GET parameter on www.site.com/index.php is not properly 
checked leading to cross site scripting.  We used 
http://www.site.com/index.php?gallery=%3Cimg%20onmouseover=%22alert('hi')%22%20style=%22position:%20absolute;%20top:0px;%20left:%200px;%20width:%201000%;%20height:%201000%;%22%3E
and other similar scripts to produce the xss.

Prev by Date: File Upload Manager Sploits
Next by Date: [ GLSA 200506-11 ] Gaim: Denial of Service vulnerabilities
Previous by thread: Re: File Upload Manager Sploits
Next by thread: [ GLSA 200506-11 ] Gaim: Denial of Service vulnerabilities
Index(es):
- Date
- Thread