Computer Security

Security Advisory: Arab Portal
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  PHP, ASP, CGI web applications security vulnerabilities

  ipb Css bug(now public)

  [SA16281] Denora IRC Stats "rdb_query()
" Buffer Overflow Vulnerability

  [SA16337] Jax Guestbook Cross-Site Scripting and Information Disclosure

  [SA16333] Jax Calendar Cross-Site Scripting Vulnerability

From:SECUNIA <support_(at)_secunia.com>
Date:03.08.2005
Subject:Arab Portal

Class:  Input Validation Error  
Remote:  Yes  
Local:  Yes
Credit: ABDUCTER  [ABDUCTER_MINDS@YAHOO.COM] oR [ABDUCTER_MINDS76@HOTMAIL.COM]
Vulnerable:  Arab Portal v2.0 beta 2
***************************************

discussion :- ARAB PORTAL is powerful nuke designed by arabian programmers you
can find source of it in http://www.arabportal.net
THE bug in admin.php in this file

</tr>
       <tr>
       <td  align=center width=100 ><font size=2><b>المعرف</b></font>

</td>
       <td><input type=text size=20 name=user_name value=""></td>
       </tr>
       <tr>
       <td align= center width= 100 ><font size=2><b>كلمة
المرور</b></font></td>
       <td><b><input type=password size=20 name=user_pass value=""></b></td>
       </tr>
AS WE SEE THEY LIMIT SIZE OF USER AND PASS TO 20
if you entre pass or user more than 20 numbers or letters it will make error
give you full information about path as it
Fatal error: Call to undefined function: errmsg() in /home/****/public_html/admin/aclass/admin_func.php on
line 81


***************************************

exploit :- http://www.victim.com/forum/admin/index.php

***************************************
CREDITS :- FOR ALL ARAB {EGYPT}
          WWW.S4A.CC
          TO MY LOVE (N0N0)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru