Hi SecurityVulns team,
I am writing to report three vulnerabilities that I found in the latest version
of Aardvark Topsites PHP (5.2.1) and older versions.
The cause of all of them is the incorrect verification of input parameters.
For example, it is possible to inject a link to any URL with any anchor text.
POC:
/index.php?a=search&q=psstt+security"><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security
Disclosure of the full path of the application sources when you put a
negative number in the 'start' parameter.
POC: /index.php?a=search&q=psstt&start=-4
Disclosure of the full path of the application sources and some source code
too when you put a non-existent user in the 'u' parameter.
I created a page with the details:
http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/
Feel free to ask me any questions about this in order to properly report these
vulnerabilities.
Google Dork: "Powered by Aardvark Topsites PHP 5.2.0"
(or 5.2.1 for the last version)
Thanks,
José Pablo González
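
The three issues in the report share one cause, unchecked request parameters, so a single defensive sketch covers them. The PHP below is an added example, not Aardvark Topsites code and not the reporter's; the function names, the username format and the in-memory user list are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical handler, not Aardvark Topsites code.
// Hardened handling of the three parameters named in the report: q, start, u.

// Full-path disclosure happens when PHP errors are rendered to the client.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Escape a value for HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return a non-negative page offset; anything else falls back to 0. */
function clean_start($raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100000]]);
    return $n === false ? 0 : $n;
}

/** Accept only a conservative username alphabet (assumed format). */
function clean_user($raw): ?string
{
    $ok = is_string($raw) && preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $raw);
    return $ok ? $raw : null;
}

/** Look up a user; the array stands in for a database (constructed data). */
function find_user(?string $u): ?array
{
    $users = ['alice' => ['title' => 'Alice site']];
    return ($u !== null && isset($users[$u])) ? $users[$u] : null;
}

// Constructed sample request mirroring the parameters in the report.
$request = ['q' => 'psstt"><a href=http://example.test>x', 'start' => '-4', 'u' => 'nobody'];

$q     = is_string($request['q'] ?? null) ? $request['q'] : '';
$start = clean_start($request['start'] ?? 0);
$user  = find_user(clean_user($request['u'] ?? null));

echo '<input name="q" value="' . h($q) . '">' . "\n";  // markup arrives inert
echo 'offset: ' . $start . "\n";                        // 0 instead of -4
echo $user === null ? "User not found.\n" : h($user['title']) . "\n";
```

The missing-user branch returns a fixed message instead of letting a failed lookup raise a warning, which is what exposes the source path when errors are displayed.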