AOH :: HP Unsorted R :: BT-21233.HTM

Report vulnerabilities



Report vulnerabilities
Report vulnerabilities



Hi,

Here's the vulnerabilities descriptions and POCs:
#################################

I write to report three vulnerabilities that I found in the last version 
of Aardvark Topsites PHP(5.2.1) and older versions.

The cause of all of them is the incorrect verification of input parameters.


Here are the vulnerabilities:
=================
HTML Injection (up to 5.2.0)
--------------------------

For example, is possible to inject a link to any URL with any anchor text.

POC: 
/index.php?a=search&q=psstt+security=94>Web-Application-Security 



Information Disclosure 1 (up to 5.2.1)
--------------------------

Disclosure of full path of the application sources when you put a 
negative number at the =92start=92 parameter.

POC: /index.php?a=search&q=psstt&start=-4


Information Disclosure 2 (up to 5.2.0)
--------------------------

Disclosure of full path of the application sources and some source code 
too when you put an non-existent user at =91u=92 parameter.

POC: /index.php?a=rate&u=nonexistentuser
=================
I created a page with the details and possible updates at: 
http://websec.id3as.com/aardvark-topsites-php-521-security-vulnerabilities-disclosure/ 



Feel free to ask me any question about this to properly report this 
vulnerabilities.

Google Dork: "Powered by Aardvark Topsites PHP 5.2.0"
(or 5.2.1 for the last version)

#################################

Thanks,
Jos=E9 Pablo Gonz=E1lez / J07AP3



The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.