Message-ID: <20060409140006.e3z3rni3kkcs8g4c@webmail.kecoak.or.id>
Date: Sun, 09 Apr 2006 14:00:06 +0700
From: crasher@...oak.or.id
To: bugtraq@...urityfocus.com
Subject: Vulnerabilities in SPIP



 k  k         kkkk  k   kkkk  k  k  kkkkkk kkkkkk    kkkk   k    k   k   k  k
 k k         k   k  k  k   k  k k     kk   k     k  k    k  kk   k   k   k k
 kk   <><>   kkkkk  k  kkkkk  kk      kk   kkkkkk   k    k  k k  k   k   kk
 k k         k      k  k      k k     kk   k   k    k    k  k  k k   k   k k
 k  k         kkkk  k   kkkk  k  k    kk   k    k    kkkk   k   kk   k   k  k

------------------------------------------------------------------------------

>=- Remote file inclusion in SPIP

Author  : Rusydi Hasan M
a.k.a   : cR45H3R
Date    : April 8th, 2006
Risk    : High

>=- Software description

SPIP is a CMS (content management system) with multilanguage support.
Version : 1.8.3
URL     : http://www.spip.net

>=- The Vulnerable

http://[victim]/[spip_dir]/spip_login.php3?url=[Evil_url]

The url parameter of spip_login.php3 supplies the address the browser is sent to by an HTTP redirect, so a link to a trusted SPIP site can hand a user over to an attacker-chosen address. Note that the quoted code only shows the redirect (header('Location: ...')); it does not pass the value to include() or require(), so the remote file inclusion named in the heading is not demonstrated by this snippet and would need to be confirmed separately.

---spip_login.php3---------------------------------------------------------------
............

// If the raw request URI mentions 'var_url', redirect to the same URI with
// 'var_url' rewritten to 'url'. $_SERVER['REQUEST_URI'] is taken exactly as
// the client sent it and is not validated before it becomes the Location header.
if (isset($_SERVER['REQUEST_URI'])
AND strpos($_SERVER['REQUEST_URI'], 'var_url'))
	@header('Location: '.str_replace('var_url', 'url', $_SERVER['REQUEST_URI']));

............
---spip_login.php3---------------------------------------------------------------
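
The fix a practitioner would want for the pattern above is to constrain the redirect target before it reaches header('Location: ...'). The following is an added example written for this page, not SPIP code: it assumes the login script receives the target in a parameter named url (as in the PoC) and that "/" is an acceptable fallback. It shows the unconstrained redirect beside a version that only accepts a path on the same site, rejecting absolute URLs, protocol-relative "//host" and "/\host" prefixes, and control characters.

```php
<?php
// Added example (not SPIP code): constrain a caller-supplied post-login
// redirect target to a local path before passing it to header('Location: ...').
//
// Assumptions: the login script receives the target in a parameter named
// "url" (as in the advisory's PoC); "/" is the safe fallback destination.

declare(strict_types=1);

/**
 * Return $url if it is an acceptable same-site redirect target, else $fallback.
 *
 * Accepted: a path-absolute reference such as "/spip/article.php3?id_article=1"
 * Rejected: a scheme ("http:", "javascript:"), a protocol-relative "//host" or
 *           "/\host" prefix (browsers resolve both to another host), control
 *           characters (CR/LF would terminate the header), or anything that
 *           does not start with a single "/".
 */
function safe_redirect_target(string $url, string $fallback = '/'): string
{
    // header() refuses CR/LF itself, but reject them here so the request is
    // not silently redirected somewhere else.
    if ($url === '' || strlen($url) > 2048 || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return $fallback;
    }
    // Exactly one leading slash: "//evil.example" and "/\evil.example"
    // are treated by browsers as a different host.
    if ($url[0] !== '/' || (isset($url[1]) && ($url[1] === '/' || $url[1] === '\\'))) {
        return $fallback;
    }
    // Defence in depth: parse_url() must not find a scheme or a host.
    $parts = parse_url($url);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $url;
}

// Vulnerable pattern: whatever the caller sent becomes the Location header.
function redirect_unsafe(string $target): void
{
    header('Location: ' . $target);   // open redirect to any host
    exit;
}

// Hardened pattern: only a validated same-site path is used.
function redirect_safe(string $target): void
{
    header('Location: ' . safe_redirect_target($target));
    exit;
}

// Constructed inputs for a CLI run (php redirect_check.php); the right-hand
// side is the destination the hardened version should produce.
if (PHP_SAPI === 'cli') {
    $cases = [
        '/spip/article.php3?id_article=12' => '/spip/article.php3?id_article=12',
        'http://evil.example/phish'        => '/',
        '//evil.example/phish'             => '/',
        '/\\evil.example/phish'            => '/',
        "/ok\r\nSet-Cookie: a=b"           => '/',
        'javascript:alert(1)'              => '/',
        ''                                 => '/',
    ];
    foreach ($cases as $in => $want) {
        $got = safe_redirect_target($in);
        printf("%-40s -> %-36s %s\n", json_encode($in), $got, $got === $want ? 'ok' : 'FAIL');
    }
}
```

In a real deployment the same-site check belongs wherever the url value is first read, and the login form should carry the target in a hidden field rather than trusting it from the query string alone; an allow-list of known landing pages is stricter still where the set of destinations is small.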

>=- Vendor

Not contacted yet

>=- Shoutz

~ kecoak (cybertank,cyb3rh3b,cahcephoe,scut,degleng,etc)
~ echo staff
(y3dips,moby,comex,z3r0byt3,K-159,c-a-s-e,S`to,lirva32,anonymous,the day)
~ Ph03n1x,spyoff,ghoz,r34d3r,m_beben,slackX,sakitjiwa,xnuxer

>=- Contact

crasher@...oak.or.id || http://www.kecoak.or.id
