exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

NoahsClassified.txt

NoahsClassified.txt
Posted Mar 23, 2006
Authored by Raphael Huck | Site zone14.free.fr

PhpOutsourcing Noah's Classified 1.3 and below suffers from XSS and full path disclosure vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 8a6bfe7a4bb5e8bfc061e5a2925ff874677a048c44500b4382d59da47e19b848
Download | Favorite | View

NoahsClassified.txt

Change Mirror Download
I have contacted PhpOutsourcing 2 weeks ago, and they didn't answer.

The mail I sent on classifieds AT phpoutsourcing DOT com bounced back in error. The one I sent on askme AT phpoutsourcing DOT com never got replied.

"Currently, we are completely overloaded with our running projects, and we don't have enough time to deal with our free products. The further development and support of Noah's Classifieds is therefore suspended. Thank you for the understanding and please forgive us that we don't responding to the emails."

Anyway, they clearly mention that they have stopped the support, but there are unpatched vulnerabilities in their product.


Vendor: PhpOutsourcing

Vulnerable: Noah's Classified 1.3 and below

Path Disclosure

https://www.example.com/classifieds/index.php?method=showdetails&list=dummy

which returns:

Fatal error: Cannot instantiate non-existent class: dummy in /path/classifieds/gorum/gorumlib.php on line 45

Cross Site Scripting

https://www.example.com/classifieds/index.php?method=showdetails&list=%3Cscript%3Ealert(document.cookie)%3C/script%3Eadvertisement&rollid=1
https://www.example.com/classifieds/index.php?method=%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E

Solution

The vendor is not supporting this product at the moment: "Currently, we are completely overloaded with our running projects, and we don't have enough time to deal with our free products. The further development and support of Noah's Classifieds is therefore suspended. Thank you for the understanding and please forgive us that we don't responding to the emails."

To solve this vulnerabilities, in gorum/gorumlib.php:

Line 45, add before $base = new gorumroll->class;:

  if (!class_exists($gorumroll->class)) {
    $txt="Class does not exist:".preg_replace("/[^a-z]/","",substr($gorumroll->class,0,32));
    handleError($txt);
  }

and, at line 124, replace:

  $txt="Method is not allowed: $gorumroll->method";

by:

  $txt="Method is not allowed:".preg_replace("/[^a-z]/","",substr($gorumroll->method,0,32));


https://zone14.free.fr/advisories/1/
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close