Website Baker Project Multiple Vulnerabilities
----------------------------------------------------------
Vulnerabilities
---------------
1) admin/media/browse.php
The "dir" parameter is vulnerable to XSS. The script also blocks ../, but if a non-existent directory is chosen the script tries to read it anyway, and the resulting error gives path disclosure.
2) 25 instances of path disclosure when a file is directly accessed. There are too many to list, so I will just leave them out.
3) In admin/media users are allowed to upload media for their site. This area is supposed to be for pictures and maybe songs, but the final extension is not checked, so PHP files can be uploaded and executed on the server. Even though it is in the admin directory, regular users can use this feature if the admin allows it, so site admins should be aware of this.
Solutions
---------
1) Check that the directory exists before trying to read from it. Strip tags from the variable to stop the XSS.
2) Check whether the file is being accessed directly and, if it is, have the script die.
3) Edit the source code to disallow file extensions that could lead to malicious scripts being run on the server.
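The hardened checks these three solutions describe, as an added example that is not Website Baker's own code; MEDIA_ROOT, WB_PATH and the function names are assumptions made for illustration:

```php
<?php
// Added example (not Website Baker's code): hardened forms of the three fixes
// under Solutions. MEDIA_ROOT, WB_PATH and the function names are assumed.
define('MEDIA_ROOT', '/var/www/html/media'); // assumed upload directory

// Solution 2: call this first in any file that is only meant to be included.
// The including script is assumed to define WB_PATH; a direct request dies
// before reaching code that could emit a path-disclosing PHP error.
function deny_direct_access(): void {
    if (!defined('WB_PATH')) {
        die('Direct access not permitted.');
    }
}

// Solution 1: canonicalise the requested directory and confirm it exists and
// stays inside MEDIA_ROOT before reading it. realpath() returns false for a
// non-existent path, so a bad "dir" never reaches opendir() and never
// triggers the warning that leaks the filesystem path.
function resolve_media_dir(string $dir): ?string {
    if (strpos($dir, "\0") !== false) {
        return null; // realpath() rejects null bytes; fail closed instead
    }
    $root = realpath(MEDIA_ROOT);
    $target = realpath(MEDIA_ROOT . '/' . $dir);
    if ($root === false || $target === false || !is_dir($target)) {
        return null;
    }
    // Prefix check on the canonical path catches ../, symlinks and encoded
    // traversal, rather than pattern-matching the raw input for "../".
    return strpos($target . '/', $root . '/') === 0 ? $target : null;
}

// Solution 1 (XSS): escape the parameter before echoing it back into HTML.
function safe_dir_label(string $dir): string {
    return htmlspecialchars($dir, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Solution 3: allowlist the final extension in lower case, so "x.php" and
// "x.jpg.php" are both rejected while "x.JPG" is still accepted.
function upload_extension_allowed(string $filename): bool {
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'mp3', 'ogg']; // assumed list
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowed, true);
}

// Usage in browse.php: reject the request when the directory does not resolve.
$dir = isset($_GET['dir']) && is_string($_GET['dir']) ? $_GET['dir'] : '';
$path = resolve_media_dir($dir);
echo $path === null ? 'Unknown directory: ' . safe_dir_label($dir) : 'OK';
```

The extension check must run on the name the file will be stored under, not on the client-supplied MIME type, since the latter is attacker-controlled.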
Credit
------
thegreatone2176