` -=[ SecurityReason-2005-SRA#01 ]=- -=[ Multiple vulnerabilities in paFileDB ]=- Author: sp3x Date: 8. March 2005 Affected software : =================== paFileDB version : => 3.1 Description : ============= paFileDB is designed to allow webmasters have a database of files for download on their site. To add a download, all you do is upload the file using FTP or whatever method you use, log into paFileDB's admin center, and fill out a form to add a file. paFileDB lets you edit and delete the files too. No more messing with a bunch of HTML pages for a file database on your site! Using speedy MySQL for storing data, and powerful PHP for processing everything, paFileDB is one of the best and easiest ways to manage files! Cross-site scripting - XSS : ============================ In PaFileDB there are XSS that can be used to steal cookies and do other operations, which in normal conditions are not permitted by browser's cross-domain security restrictions. First let's see the vuln code. /includes/functions.php Code: ------------------------------------------------------------------------------------------------- function jumpmenu($db, $pageurl,$pafiledb_sql,$str) { echo("

"); ..... -------------------------------------------------------------------------------------------------- Download the new version of the script or update. Vendor : ======== No respond Greetz : ======== Special greetz : cXIb8O3 (we are starting man :] ), pkw (you now :]) Contact : ========= sp3x[at]securityreason[dot].com www.securityreason.com `

Query Builder