Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] ASPListPics

[Kil13r-SA-20060609- 3] DreamWiz Search Cross-Site Scripting Vulnerability

[Kil13r-SA-20060609- 2] DaNaWa Search Cross-Site Scripting Vulnerability

[Kil13r-SA-20060609- 1] Daum Search Cross-Site Scripting Vulnerability

From:	luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date:	10.06.2006
Subject:	mole.com.ua Booking Script

Booking Script.

Homepage:
http://www.mole.com.ua

PError with full path disclosure and possible buffer overflow?:

http://www.example.com/week.php?year=2006&month=06&day=0'

Warning: checkdate() expects parameter 2 to be long, string given in
/home/httpd/vhosts/domain/subdomains/booking/httpdocs/week.php on line 26

The error msg above outputs continously in a loop, printing on the screen.

Another error message, due to timeout because the year variable was changed to an extremely high
number:

http://www.example.com/week.php?year=9000000&month=06&day=13&area=11&
room=22

Fatal error: Maximum execution time of 30 seconds exceeded
in /home/httpd/vhosts/domain/subdomains/booking/httpdocs/week.php on line 26