Date: Fri, 14 Dec 2012 23:50:30 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>, <submissions@...ketstormsecurity.org>, <vuln@...urity.nnov.ru>
Subject: TinyBrowser Upload Shell Vulnerability

Hello guys!

I'll draw your attention to one exploit at 1337day.com (and their other domains): http://1337day.com/exploit/19732. I had already written to 1337day.com about it on 19.11.2012. So it should concern every list which posted that exploit from 1337day.com.

This is an AFU vulnerability in the TinyBrowser plugin for TinyMCE, which allows uploading scripts to the site using a double extensions attack. At 1337day.com this exploit was posted on 14.11.2012 and it concerns TinyBrowser version 1.32. But I had already disclosed this vulnerability long ago.

First, already on 09.09.2009 I disclosed an Arbitrary File Upload vulnerability in TinyBrowser (http://websecurity.com.ua/3486/, http://securityvulns.ru/Wdocument451.html), which allows uploading php-scripts directly in TinyBrowser 1.33.

Second, this is a duplicate of a vulnerability in TinyBrowser which I had already disclosed on 14.07.2011 (http://websecurity.com.ua/4922/, http://securityvulns.ru/docs26660.html, http://seclists.org/fulldisclosure/2011/Jul/209). In my advisory I disclosed three attacks on TinyBrowser - two for IIS and one for Apache (the attack via double extensions, mentioned in this exploit) for TinyBrowser v1.42. After I informed them, the developer fixed them in version 1.43.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
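The double extensions attack the post refers to works against upload handlers that inspect only the final suffix of a file name, while a web server such as Apache (with an AddHandler-style mapping) may still pass a name like "shell.php.jpg" to the script interpreter. As an added illustration that is not part of the post or of TinyBrowser's own code, the following Python contrasts that weak check with one that inspects every suffix and stores the upload under a generated name; the allowlist, script-extension set and sample names are constructed for the example.

```python
import os
import re
import secrets
from typing import List, Optional

# Constructed allowlist for an image-upload handler (e.g. an editor file browser).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif", "png"}
# Constructed set of suffixes a server may hand to a script interpreter. With an
# AddHandler-style mapping Apache can match one of these anywhere in a name with
# several extensions, so "shell.php.jpg" may execute even though it ends in .jpg.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phps",
                     "asp", "aspx", "cgi", "pl", "shtml"}


def _extensions(filename: str) -> List[str]:
    """All dot-separated suffixes of the bare file name, lower-cased (directory part dropped)."""
    return os.path.basename(filename).lower().split(".")[1:]


def weak_extension_check(filename: str) -> bool:
    """The check a double-extension upload defeats: only the last suffix is inspected."""
    exts = _extensions(filename)
    return bool(exts) and exts[-1] in ALLOWED_EXTENSIONS


def strict_extension_check(filename: str) -> bool:
    """Every suffix must be a plain alphanumeric token that is not a script extension,
    and the final one must be on the allowlist."""
    exts = _extensions(filename)
    if not exts or exts[-1] not in ALLOWED_EXTENSIONS:
        return False
    # The regex also rejects an empty segment, as produced by "a..jpg".
    return all(e not in SCRIPT_EXTENSIONS and re.fullmatch(r"[a-z0-9]+", e)
               for e in exts)


def storage_name(filename: str) -> Optional[str]:
    """Name to store a validated upload under: random base plus the single allowed
    extension, so nothing the client chose reaches the filesystem."""
    if not strict_extension_check(filename):
        return None
    return f"{secrets.token_hex(16)}.{_extensions(filename)[-1]}"


if __name__ == "__main__":
    for name in ("photo.jpg", "shell.php.jpg", "shell.jpg.php", "my.holiday.PNG"):
        print(f"{name:16} weak={weak_extension_check(name)!s:5} "
              f"strict={strict_extension_check(name)!s:5} stored_as={storage_name(name)}")
```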