[39138] in bugtraq
singapore v0.9.11 cross site scripting and path disclosure
daemon@ATHENA.MIT.EDU (thegreatone2176@yahoo.com)
Mon Jun 13 14:16:42 2005
Date: 12 Jun 2005 21:16:24 -0000
Message-ID: <20050612211624.32412.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: thegreatone2176@yahoo.com
To: bugtraq@securityfocus.com
Because of singapores heavy use of classes it has multiple path disclosure occurences. The following pages all produced class related errors when navigating directly to them in your browser.
gallery/includes/admin.class.php
templates/admin_default/ all the .tpl.php files
templates/default/ all the the .tpl.php files
Also the gallery $_GET parameter on www.site.com/index.php is not properly checked leading to cross site scripting. We used http://www.site.com/index.php?gallery=%3Cimg%20onmouseover=%22alert('hi')%22%20style=%22position:%20absolute;%20top:0px;%20left:%200px;%20width:%201000%;%20height:%201000%;%22%3E
and other similar scripts to produce the xss.
