FullPath disclosure in Xaraya 1.0.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FullPath disclosure in Xaraya 1.0.1
From: king_purba@xxxxxxxxxxx
Date: 14 Jan 2006 18:55:25 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Author : Ph03n1X
http://student.te.ugm.ac.id/~phoenix03

Description Software :
Xaraya v 1.0.1
http://xaraya.com 

PoC :
1. http://site.xxx/xaraya/xaraya-1.0.1/html/includes/xarTemplate.php
Call to undefined function: xarcoregetvardirpath() 
in/usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarTemplate.php on line 54
Vulner Code :
 define('XAR_TPL_CACHE_DIR',xarCoreGetVarDirPath() . '/cache/templates');
Fix :
Create reference for function xarCoreGetVarDirPath()

2.http://site.xxx/xaraya/xaraya-1.0.1/html/includes/xarCore.php 
Warning: main(includes/xarPreCore.php): failed to open stream: No such file or 
directory in /usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarCore.php on 
line 104
Warning: main(): Failed opening 'includes/xarPreCore.php' for inclusion 
(include_path='.:/usr/lib/php') in 
/usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarCore.php on line 104

Vulner Code :
include_once('includes/xarPreCore.php');
Fix :
include_once('xarPreCore.php');

And many other links in directory includes/
Turn on log error and turn off display error in php.ini can use to fix this 
security issue

Prev by Date: ezDatabase 2.0 and below
Next by Date: [KAPDA::#21] - HomeFtp v1.1 Denial of Service
Previous by thread: ezDatabase 2.0 and below
Next by thread: [KAPDA::#21] - HomeFtp v1.1 Denial of Service
Index(es):
- Date
- Thread