Multiple vulnerability in biweaver CMS

Author : KaDaL-X
Email : king_purba@yahoo.co.uk
Site : http://kandangjamur.net/



1. XSS
--------

Vulneral code in users/login.php :

if( !empty( $_REQUEST['error'] ) ) {
        $gBitSmarty->assign( 'error', $_REQUEST['error'] );
}

PoC :	
http://xxx/bitweaver/users/login.php?error=<h1><marquee>Test

Fix :
if( !empty( $_REQUEST['error'] ) ) {
        $gBitSmarty->assign( 'error', htmlspecialchars($_REQUEST['error']));
}

2. Fullpath disclosure
-----------------------

http://172.16.11.103/bitweaver/bitweaver/users/user_menu_lib.php
Fatal error: Class 'BitBase' not found in /usr/local/apache2/htdocs/bitweaver/bitweaver/users/user_menu_lib.php on line 19

Fix :
Prevent direct acces to users/user_menu_lib.php file 

3. ADODB error
---------------

PoC :
http://localhost/bitweaver/bitweaver/blogs/list_blogs.php?sort_mode=uptoyou
http://172.16.11.103/bitweaver/bitweaver/articles/list.php?sort_mode=uptoyou