Bugtraq mailing list archives

MAXDEV CMS Multiple vulnerabilities
From: king_purba () yahoo co uk
Date: 6 Apr 2006 18:02:46 -0000

Full path disclosure
This hole is caused by direct access to the file includes/legacy.php not being protected.

PoC :

Fix :
Turning off display errors in php.ini can fix this security issue.

Blind SQL injection
This hole is caused by the filtering script not being implemented for the $topicid variable in the file modules/Topics/pnuserapi.php.

PoC :
http://site.co.id/maxdev/index.php?module=Topics&func=display&topicid=0 AND 1=0
http://site.co.id/maxdev/index.php?module=Topics&func=display&topicid=0 AND 1=1

Fix :
MAXDEV CMS has a filtering script to protect all requests, but I'm too lazy to analyze the code, so I just added this code in modules/Topics/pnuserapi.php:

function validate($char)
                die("i have received an error request");
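
An added example, not part of the original post and not MAXDEV code: one way to filter topicid on the server side, by accepting only a non-negative integer and binding it as a query parameter. The topics table, its columns and the function names are assumptions made for the demonstration; the two rejected strings are the PoC values quoted in the post.

```php
<?php
// Added illustration. Schema and function names are hypothetical, not MAXDEV's.

/** Return $raw as a non-negative integer, or null for anything else. */
function parse_topic_id($raw): ?int
{
    // FILTER_VALIDATE_INT rejects strings with trailing SQL such as "0 AND 1=1".
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

/** Look up a topic; invalid ids never reach the database. */
function fetch_topic(PDO $db, $rawTopicId): ?array
{
    $id = parse_topic_id($rawTopicId);
    if ($id === null) {
        return null; // reject instead of passing the raw value into SQL
    }
    // The value is bound as an integer parameter, never concatenated.
    $stmt = $db->prepare('SELECT topicid, topicname FROM topics WHERE topicid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (topicid INTEGER PRIMARY KEY, topicname TEXT)');
$db->exec("INSERT INTO topics VALUES (1, 'News')");

// One valid id, the two PoC strings from the post, and two malformed values.
foreach (['1', '0 AND 1=0', '0 AND 1=1', '1abc', ''] as $input) {
    $row = fetch_topic($db, $input);
    printf("%-14s => %s\n", var_export($input, true),
        $row !== null ? $row['topicname'] : 'rejected or not found');
}
```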
