by r0t,der4444,cembo,VietMafia

Friday, December 16, 2005

RED QUEEN Path Disclosure

RED QUEEN Path Disclosure

Vuln. discovered by : r0t
Date: 16 dec. 2005
vendor:http://www.randommouse.com/cgi-bin/rms/
product/about/about_product.cgi?sku=REDQN
&referer=hotscripts&creative=link_indexing
affected version:1.02 and prior

Product Description:

Now with zipcode-based searching and image galleries! Large sites rely on user reviews to provide efficient wealth discovery of the content of their pages. Red Queen features the most advanced review system available in a Link Manager. With custom ratings per category, custom SQL fields, file uploads, auto-thumbnailing, templates, forum membership integration, top reviewers, a powerful search engine, link validation, and static page builds among its features, you're set to compete with the big sites. You can even set up Groups for Members to join, Yellow Pages for Suppliers, and everything is reviewable, even the members themselves!


Vuln. Description:

RED QUEEN "redqueen.cgi" does not verify user input supplied to the "yellowpage_id" "skin_id" "supplier_id". A malicious person can exploit this to gain knowledge of the full path to the installation directory by sending a HTTP request including invalid input to those paremters.

examples:

/redqueen.cgi?module=find_supplier&yellowpage_id=x

/redqueen.cgi?module=supplier&supplier_id=48&skin_id=x

/redqueen.cgi?module=supplier&supplier_id=x

/redqueen.cgi?module=x

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew