[42188] in bugtraq
FullPath disclosure in Xaraya 1.0.1
daemon@ATHENA.MIT.EDU (king_purba@yahoo.co.uk)
Sat Jan 14 15:05:43 2006
Date: 14 Jan 2006 18:55:25 -0000
Message-ID: <20060114185525.25816.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: king_purba@yahoo.co.uk
To: bugtraq@securityfocus.com
Author: Ph03n1X
http://student.te.ugm.ac.id/~phoenix03

Affected software:
Xaraya v1.0.1
http://xaraya.com
PoC:

1. http://site.xxx/xaraya/xaraya-1.0.1/html/includes/xarTemplate.php

Call to undefined function: xarcoregetvardirpath() in /usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarTemplate.php on line 54

Vulnerable code:
define('XAR_TPL_CACHE_DIR',xarCoreGetVarDirPath() . '/cache/templates');

Fix:
Include the definition of xarCoreGetVarDirPath() before it is called, so a direct request to xarTemplate.php does not reach line 54 with the function undefined.
2. http://site.xxx/xaraya/xaraya-1.0.1/html/includes/xarCore.php

Warning: main(includes/xarPreCore.php): failed to open stream: No such file or directory in /usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarCore.php on line 104
Warning: main(): Failed opening 'includes/xarPreCore.php' for inclusion (include_path='.:/usr/lib/php') in /usr/local/www/xaraya/xaraya-1.0.1/html/includes/xarCore.php on line 104

Vulnerable code:
include_once('includes/xarPreCore.php');

Fix:
include_once('xarPreCore.php');
The same applies to many other files in the includes/ directory when they are requested directly.

Turning on log_errors and turning off display_errors in php.ini also stops these warnings from being shown to the client (they go to the error log instead), which removes the path disclosure.
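The following is an added example of the defensive side of the fixes described above; it is not Xaraya code and not part of the original advisory. It shows the php.ini settings the advisory recommends applied at runtime, a guard that refuses direct requests to an include file (the constant XARAYA_ENTRY_POINT is a hypothetical name, assumed to be defined only by the real front controller), and an include path resolved relative to the file itself rather than the include_path, so the lookup no longer depends on which script was requested.

```php
<?php
// Added example (not Xaraya code): hardening against the full-path
// disclosure caused by requesting include files directly.

// 1. Runtime equivalent of the php.ini change recommended above, for
//    hosts where php.ini cannot be edited. The php.ini lines would be:
//      display_errors = Off
//      log_errors     = On
//      error_log      = /var/log/php_errors.log   ; log path is an assumption
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php_errors.log');

// 2. Guard at the top of an include file. XARAYA_ENTRY_POINT is a
//    hypothetical constant assumed to be defined only by the front
//    controller (index.php). A direct request to this file never sees
//    it, so the script stops before any include_once() can fail and
//    print the filesystem path in a warning.
if (!defined('XARAYA_ENTRY_POINT')) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// 3. Resolve the include relative to this file instead of the
//    include_path; this is the cause of the second warning above, where
//    'includes/xarPreCore.php' is only found when the working directory
//    is the html/ root. dirname(__FILE__) works on PHP 4 as well.
include_once dirname(__FILE__) . '/xarPreCore.php';
```

The guard and the relative include remove the two symptoms shown in the PoC; the display_errors/log_errors setting is defence in depth, since any other warning raised by a directly requested file would otherwise still print the absolute path.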