|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityReason Advisory | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 Advisory Text : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9] Author: Maksymilian Arciemowicz (cXIb8O3) Date: 13.3.2005 from securityreason.com TEAM - --- 0.Description --- phpAdsNew is an open-source ad server, with an integrated banner management interface and tracking system for gathering statistics. With phpAdsNew you can easily rotate paid banners and your own in-house advertisements. You can even integrate banners from third party advertising companies. - --- 1. Full Path Disclosure --- If you can see error.. 1.0 http://[HOST]/[DIR]/libraries/lib-xmlrpcs.inc.php Error message : - --------------- Warning: main(phpAds_path/libraries/lib-xmlrpc.inc.php) [function.main]: failed to open stream: No such file or directory in /www/phpAdsNew-2.0.3/libraries/lib-xmlrpcs.inc.php on line 50 Fatal error: main() [function.require]: Failed opening required 'phpAds_path/libraries/lib-xmlrpc.inc.php' (include_path='.:') in /www/phpAdsNew-2.0.3/libraries/lib-xmlrpcs.inc.php on line 50 - --------------- 1.1 http://[HOST]/[DIR]/maintenance/maintenance-activation.php http://[HOST]/[DIR]/maintenance/maintenance-cleantables.php http://[HOST]/[DIR]/maintenance/maintenance-autotargeting.php http://[HOST]/[DIR]/maintenance/maintenance-reports.php Error message : - --------------- Warning: main(phpAds_path/libraries/lib-warnings.inc.php) [function.main]: failed to open stream: No such file or directory in /www/phpAdsNew-2.0.3/maintenance/maintenance-activation.php on line 17 Fatal error: main() [function.require]: Failed opening required 'phpAds_path/libraries/lib-warnings.inc.php' (include_path='.:') in /www/phpAdsNew-2.0.3/maintenance/maintenance-activation.php on line 17 - --------------- 1.2 http://[HOST]/[DIR]/misc/backwards%20compatibility/phpads.php Error message : - --------------- Warning: main(adview.php) [function.main]: failed to open stream: No such file or directory in /www/phpAdsNew-2.0.3/misc/backwards compatibility/phpads.php on line 19 Warning: main() [function.include]: Failed opening 'adview.php' for inclusion (include_path='.:') in /www/phpAdsNew-2.0.3/misc/backwards compatibility/phpads.php on line 19 - --------------- 1.3 http://[HOST]/[DIR]/misc/backwards%20compatibility/remotehtmlview.php Error message : - --------------- Warning: main(adjs.php) [function.main]: failed to open stream: No such file or directory in /www/phpAdsNew-2.0.3/misc/backwards compatibility/remotehtmlview.php on line 19 Warning: main() [function.include]: Failed opening 'adjs.php' for inclusion (include_path='.:') in /www/phpAdsNew-2.0.3/misc/backwards compatibility/remotehtmlview.php on line 19 - --------------- 1.4 http://[HOST]/[DIR]/misc/backwards%20compatibility/click.php Error message : - --------------- Warning: main(adclick.php) [function.main]: failed to open stream: No such file or directory in /www/phpAdsNew-2.0.3/misc/backwards compatibility/click.php on line 19 Warning: main() [function.include]: Failed opening 'adclick.php' for inclusion (include_path='.:') in /www/phpAdsNew-2.0.3/misc/backwards compatibility/click.php on line 19 - --------------- 1.5 http://[HOST]/[DIR]/adcontent.php Error message : - --------------- Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /www/phpAdsNew-2.0.3/adcontent.php on line 72 - --------------- - --- 2. Cross Site Scripting --- If register_globals=On http://[HOST]/[DIR]/adframe.php?refresh=securityreason.com'>[XSS code] - --- 3. How to fix --- Download the new version of the script or update. http://securityreason.com/patch/phpadsnew.0.diff - --- 4. Greets --- sp3x and Matteo Beccati - --- 5.Contact --- Author: Maksymilian Arciemowicz < cXIb8O3 > Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com securityreason.com TEAM -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFCNdtxznmvyJCR4zQRApdmAJ9pefOtxqW0NNPbOUQeRl+h9MMSfwCgqyuO I8zBDnpMyACdv61ccVKvy+s= =aYxv -----END PGP SIGNATURE----- |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
(
- 2008-03-25