| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <004d01cb7229$f76be4e0$c103fea9@ml> Date: Fri, 22 Oct 2010 23:43:30 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <bugtraq@...urityfocus.com> Subject: Vulnerabilities in W-Agora Hello Bugtraq! I want to warn you about Cross-Site Scripting and Local File Inclusion vulnerabilities in W-Agora. In addition to vulnerabilities in this system which I found and disclosed in 2006 (SecurityVulns ID: 6960). ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details: ---------- XSS (WASC-08): http://site/news/search.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E Local File Inclusion (WASC-31): It's possible to include php-files (with extension php3 in version W-Agora 4.1.5 or with extension php in version 4.2.1). In folder conf: http://site/news/search.php3?bn=1 In any folder (only on Windows-servers): http://site/news/search.php3?bn=..\1 In last versions of the system search.php3 has name search.php. ------------ Timeline: ------------ 2010.08.27 - announced at my site. 2010.08.29 - informed developers. Developers of W-Agora didn't answer and didn't fix the holes (unlike in 2006). 2010.10.22 - disclosed at my site. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/4481/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Powered by blists - more mailing lists