Jump to content

Recommended Posts

I've redone an interface in the application I maintain to be a bit friendlier and easier to use.

 

The basic premise is that images are uploaded globally or project specific.  Let's say an image is uploaded globally for an item APPL001; every project that has the item APPL001 will use that image.  Then an image is uploaded for APPL001 for a specific project; from that point forward, within that project, APPL001 will display with the project-specific image.

 

The interface should work with or without Javascript, although it's slightly more convenient to have it turned on.

 

http://ns2271.serverpowered.net/wv/wattcommunities/

 

User: test

Pass: testtest

 

Follow the menu: Buyer Module -> Options

Link to comment
https://forums.phpfreaks.com/topic/77047-picture-uploading/
Share on other sites

Fixed.

 

Couldn't duplicate.

 

Do you really want this to be accessible to all users?

http://ns2271.serverpowered.net/wv/wattcommunities/builder/options/delete/0173/*/15

No, but the ACL-based permission system isn't fully implemented yet.  I'm actually supposed to be working on that, but a client requested me to make a change to our options system.  Since the previous options management system was such a train wreck, I decided to rewrite the entire thing.  I still have to go through and enforce all of the ACL permissions throughout the site.

Link to comment
https://forums.phpfreaks.com/topic/77047-picture-uploading/#findComment-390199
Share on other sites

Cross Site Scripting:

http://ns2271.serverpowered.net/wv/<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting when you upload an image if the image notes field contains </textarea>code.

 

Cross Site Scripting:

There is Cross Site Scripting if your username contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/ if your username contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/cti/ if your username contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/gha/ if your username contains ">code.

 

Drop Down Menu:

If you edit the drop down menus on the options page you can submit arbitrary values.

 

Full Path Disclosure:

http://ns2271.serverpowered.net/wv/

line 42: /home/webview/public_html/webview_classes/Business/Session.php

errno: 8

desc: Undefined offset: 2

request:

line 44: /home/webview/public_html/webview_classes/Business/Session.php

errno: 8

desc: Undefined offset: 2

request:

 

Full Path Disclosure:

There is Full Path Disclosure if the fields contain invalid values.

line 20: /home/webview/public_html/webview_classes/UI/Components/General/Pagination.php

errno: 2

desc: Division by zero

request:

 

Full Path Disclosure:

There is Full Path Disclosure if you upload an image.

line 17: /home/webview/public_html/webview_classes/Utility/ImageMagick.php

errno: 2

desc: filesize(): Stat failed for /home/webview/public_html/webview_data/wattcommunities/images/2-thumb.gif (errno=2 - No such file or directory)

request:

line 19: /home/webview/public_html/webview_classes/Utility/ImageMagick.php

errno: 2

desc: unlink(/home/webview/public_html/webview_data/wattcommunities/images/2-thumb.gif): No such file or directory

request:

line 95: /home/webview/public_html/webview_classes/UI/Pages/PageUtils.php

errno: 2

desc: Cannot modify header information - headers already sent by (output started at /home/webview/public_html/err_handler.php:40)

request:

 

SQL Error:

http://ns2271.serverpowered.net/wv/contact/

Error: Could not select database webview_contact.

 

User Enumeration:

http://ibsdev.serverpowered.net/~root

 

User Enumeration:

http://ibsdev.serverpowered.net/~webview

Link to comment
https://forums.phpfreaks.com/topic/77047-picture-uploading/#findComment-390211
Share on other sites

The upload is vulnerable to Cross Site Scripting if the image notes contain </textarea>code.

Fixed (I think).

 

There is Full Path Disclosure when you upload an image.

Could you possibly attach the file you uploaded?  (Or if it does it with any file, what browser are you using?)

 

 

Link to comment
https://forums.phpfreaks.com/topic/77047-picture-uploading/#findComment-390227
Share on other sites

There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/cti/ if you try to log in with ">code in the username.

 

There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/gha/ if you try to log in with ">code in the username.

 

Could you be so kind as to tell me how you came across those?

Link to comment
https://forums.phpfreaks.com/topic/77047-picture-uploading/#findComment-390239
Share on other sites

There is Full Path Disclosure if you submit invalid values in the input boxes.

line 20: /home/webview/public_html/webview_classes/UI/Components/General/Pagination.php

errno: 2

desc: Division by zero

request:

Fixed, in terms of pagination.php

Link to comment
https://forums.phpfreaks.com/topic/77047-picture-uploading/#findComment-390241
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.