Bugtraq: Arab Portal

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Arab Portal

From: ABDUCTER_MINDS () YAHOO COM
Date: 1 Aug 2005 10:10:35 -0000

Class:  Input Validation Error  
Remote:  Yes  
Local:  Yes
Credit: ABDUCTER  [ABDUCTER_MINDS () YAHOO COM] oR [ABDUCTER_MINDS76 () HOTMAIL COM]
Vulnerable:  Arab Portal v2.0 beta 2
***************************************

discussion :- ARAB PORTAL is powerful nuke designed by arabian programmers you 
can find source of it in http://www.arabportal.net
THE bug in admin.php in this file 

 </tr>
        <tr>
        <td  align=center width=100 ><font size=2><b>&#1575;&#1604;&#1605;&#1593;&#1585;&#1601;</b></font> </td>
        <td><input type=text size=20 name=user_name value=""></td>
        </tr>
        <tr>
        <td align= center width= 100 ><font size=2><b>&#1603;&#1604;&#1605;&#1577; 
&#1575;&#1604;&#1605;&#1585;&#1608;&#1585;</b></font></td>
        <td><b><input type=password size=20 name=user_pass value=""></b></td>
        </tr>
AS WE SEE THEY LIMIT SIZE OF USER AND PASS TO 20 
if you entre pass or user more than 20 numbers or letters it will make error
give you full information about path as it
Fatal error: Call to undefined function: errmsg() in /home/****/public_html/admin/aclass/admin_func.php on line 81


***************************************

exploit :- http://www.victim.com/forum/admin/index.php

***************************************
CREDITS :- FOR ALL ARAB {EGYPT}
           WWW.S4A.CC
           TO MY LOVE (N0N0)

By Date By Thread

Current thread:

Arab Portal ABDUCTER_MINDS (Aug 02)