lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 14 Dec 2012 23:50:30 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>, <submissions@...ketstormsecurity.org>,
	<vuln@...urity.nnov.ru>
Subject: TinyBrowser Upload Shell Vulnerability

Hello guys!

I'll draw your attention to one exploit at 1337day.com (and other their
domains): http://1337day.com/exploit/19732. I've wrote to 1337day.com about
it already at 19.11.2012. So it should concern every list, which posted that
exploit from 1337day.com.

This is AFU vulnerability in TinyBrowser plugin for TinyMCE, which allows to
upload scripts to the site with using of double extensions attack.

At 1337day.com this exploit posted at 14.11.2012 and it concerns version
TinyBrowser 1.32. But long time ago I've already disclosed this
vulnerability.

First, already at 09.09.2009 I've disclosed Arbitrary File Upload
vulnerability in TinyBrowser (http://websecurity.com.ua/3486/,
http://securityvulns.ru/Wdocument451.html), which allows in TinyBrowser 1.33
to upload php-scripts directly.

Second, this is duplicate of a vulnerability in TinyBrowser, which I've
disclosed already at 14.07.2011 (http://websecurity.com.ua/4922/,
http://securityvulns.ru/docs26660.html,
http://seclists.org/fulldisclosure/2011/Jul/209). In my advisory I've
disclosed three attacks on TinyBrowser - two for IIS and one for Apache (the
attack via double extensions, mentioned in this exploit) for TinyBrowser
v1.42. After my informing, the developer fixed them in version 1.43.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists