roopurt18 Posted November 12, 2007

I've redone an interface in the application I maintain to be a bit friendlier and easier to use.

The basic premise is that images are uploaded globally or project specific. Let's say an image is uploaded globally for an item APPL001; every project that has the item APPL001 will use that image. Then an image is uploaded for APPL001 for a specific project; from that point forward, within that project, APPL001 will display with the project-specific image.

The interface should work with or without JavaScript, although it's slightly more convenient to have it turned on.

http://ns2271.serverpowered.net/wv/wattcommunities/
User: test
Pass: testtest
Follow the menu: Buyer Module -> Options

php_tom Posted November 12, 2007

Full Path Disclosure: http://ns2271.serverpowered.net/wv/wattcommunities/builder/options/upload/0173/*/15

Do you really want this to be accessible to all users? http://ns2271.serverpowered.net/wv/wattcommunities/builder/options/delete/0173/*/15

More full path disclosure: http://ns2271.serverpowered.net/wv/wattcommunities/admin/

roopurt18 Posted November 12, 2007 (Author)

> More full path disclosure: http://ns2271.serverpowered.net/wv/wattcommunities/admin/

Fixed.

> Full Path Disclosure: http://ns2271.serverpowered.net/wv/wattcommunities/builder/options/upload/0173/*/15

Couldn't duplicate.

> Do you really want this to be accessible to all users? http://ns2271.serverpowered.net/wv/wattcommunities/builder/options/delete/0173/*/15

No, but the ACL-based permission system isn't fully implemented yet. I'm actually supposed to be working on that, but a client requested me to make a change to our options system. Since the previous options management system was such a train wreck, I decided to rewrite the entire thing. I still have to go through and enforce all of the ACL permissions throughout the site.

agentsteal Posted November 12, 2007

Cross Site Scripting: http://ns2271.serverpowered.net/wv/<marquee><h1>vulnerable</marquee>

Cross Site Scripting: There is Cross Site Scripting when you upload an image if the image notes field contains </textarea>code.

Cross Site Scripting: There is Cross Site Scripting if your username contains ">code.

Cross Site Scripting: There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/ if your username contains ">code.

Cross Site Scripting: There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/cti/ if your username contains ">code.

Cross Site Scripting: There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/gha/ if your username contains ">code.

Drop Down Menu: If you edit the drop down menus on the options page you can submit arbitrary values.

Full Path Disclosure: http://ns2271.serverpowered.net/wv/
line 42: /home/webview/public_html/webview_classes/Business/Session.php errno: 8 desc: Undefined offset: 2 request:
line 44: /home/webview/public_html/webview_classes/Business/Session.php errno: 8 desc: Undefined offset: 2 request:

Full Path Disclosure: There is Full Path Disclosure if the fields contain invalid values.
line 20: /home/webview/public_html/webview_classes/UI/Components/General/Pagination.php errno: 2 desc: Division by zero request:

Full Path Disclosure: There is Full Path Disclosure if you upload an image.
line 17: /home/webview/public_html/webview_classes/Utility/ImageMagick.php errno: 2 desc: filesize(): Stat failed for /home/webview/public_html/webview_data/wattcommunities/images/2-thumb.gif (errno=2 - No such file or directory) request:
line 19: /home/webview/public_html/webview_classes/Utility/ImageMagick.php errno: 2 desc: unlink(/home/webview/public_html/webview_data/wattcommunities/images/2-thumb.gif): No such file or directory request:
line 95: /home/webview/public_html/webview_classes/UI/Pages/PageUtils.php errno: 2 desc: Cannot modify header information - headers already sent by (output started at /home/webview/public_html/err_handler.php:40) request:

SQL Error: http://ns2271.serverpowered.net/wv/contact/
Error: Could not select database webview_contact.

User Enumeration: http://ibsdev.serverpowered.net/~root

User Enumeration: http://ibsdev.serverpowered.net/~webview

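
The findings reported above share three root causes: user-supplied strings written into HTML without encoding, drop-down values trusted as submitted, and error details printed to the browser. The PHP below is an added example of the corresponding fixes, not the application's code and not written by any poster; `h()`, `pick_option()`, `install_error_handler()`, the option values and the sample inputs are hypothetical.

```php
<?php
// Added example: all function names and sample values here are hypothetical.

// Encode a value for HTML element content and for quoted attribute values.
// ENT_QUOTES covers the '">' attribute break-out; '<' encoding covers '</textarea>'.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A <select> only limits what the browser offers; re-check the submitted
// value server-side against the same list that was rendered.
function pick_option(string $submitted, array $allowed): ?string
{
    return in_array($submitted, $allowed, true) ? $submitted : null;
}

// Send file, line and message to the server log instead of the response,
// so notices and warnings no longer reveal paths or break later header() calls.
function install_error_handler(): void
{
    ini_set('display_errors', '0');
    set_error_handler(function (int $errno, string $desc, string $file, int $line): bool {
        error_log("errno=$errno line=$line file=$file desc=$desc");
        return true; // handled: PHP's built-in handler prints nothing
    });
}

install_error_handler();

// Constructed sample inputs in the two contexts named in the report.
$username = '">constructed-value';
$notes    = '</textarea>constructed-value';

echo '<input type="text" name="username" value="' . h($username) . '">' . "\n";
echo '<textarea name="notes">' . h($notes) . '</textarea>' . "\n";

// Constructed option list standing in for the real drop-down values.
$allowed = ['global', 'project'];
var_dump(pick_option('project', $allowed)); // accepted value is returned
var_dump(pick_option('edited', $allowed));  // value not in the list is rejected

// A warning raised here is logged, not echoed into the page.
$missing = @filesize('/nonexistent/constructed-path.gif');
```
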
roopurt18 Posted November 12, 2007 (Author)

> The upload is vulnerable to Cross Site Scripting if the image notes contain </textarea>code.

Fixed (I think).

> There is Full Path Disclosure when you upload an image.

Could you possibly attach the file you uploaded? (Or if it does it with any file, what browser are you using?)

roopurt18 Posted November 12, 2007 (Author)

> There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/cti/ if you try to log in with ">code in the username.
> There is Cross Site Scripting on http://ns2271.serverpowered.net/wv/gha/ if you try to log in with ">code in the username.

Could you be so kind as to tell me how you came across those?

roopurt18 Posted November 12, 2007 (Author)

> There is Full Path Disclosure if you submit invalid values in the input boxes.
> line 20: /home/webview/public_html/webview_classes/UI/Components/General/Pagination.php errno: 2 desc: Division by zero request:

Fixed, in terms of pagination.php