lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Mar 2006 23:09:14 +0200 From: nukedx@...edx.com To: submit@...w0rm.com, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, support@...os.net Subject: Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. --Security Report-- Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 07/03/06 04:52 AM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx@...edx.com Web: http://www.nukedx.com } --- Vendor: Jiros (http://www.jiros.net) Version: 1.0 and prior versions must be affected. About: Via this method remote attacker can by pass security control of system and edit all options. Level: Critical --- How&Example: Security control in admin panel's index did not sanitized properly. GET/EXAMPLE -> http://[victim]/[JBPSDir]/files/ wtih this example remote attack bypasses security control, but s/he will get some errors because ; s/he did not logged in system and doesnt have admin cookies so lets add a new admin account :) GET/EXAMPLE -> http://[victim]/[JBPSDir]/files/addadmin.asp so with this example remote attacker can make admin account succesfully and when he logins via http://[victim]/[JBPSDir]/files/login.asp can take whole system control. --- Timeline: * 07/03/2006: Vulnerability found. * 07/03/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=19 With this exploit remote attacker can make new admin account. --- Dorks: inurl:JBSPro --- Original advisory: http://www.nukedx.com/?viewdoc=19 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists