Date: Mon, 25 Dec 2006 22:18:07 +0100
From: <>
To: <>
Subject: logahead UNU edition 1.0 Remote upload file & code execution

              logahead UNU edition 1.0     
  Author: CorryL    []   

-=[+] Application:    logahead UNU edition
-=[+] Version:        1.0
-=[+] Vendor's URL: 
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Remote Upload file & Code execution
-=[+] Exploitation:   Remote
-=[+] Author:          CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:
-=[+] Virtual Office:
-=[+] Irc Chan: #x0n3-h4ck        
-=[+] Special Thanks: Merry Christmas to all, thanks to all #x0n3-h4ck members,
                                  and greetings to all the people of Avola around the world.

..::[ Description ]::..

You might already have heard of logahead - the ajaxified blogging engine using PHP4 and a MySQL database, by James from the UK.
The UNU edition is based on the logahead beta 1.0 code published under the GNU/GPL license. While the original version sticks to the basic functions of a blog (mainly publishing posts and receiving comments), the UNU edition is enhanced and offers a number of additional features.

..::[ Bug ]::..

My research found that the Widgets form of this blog is vulnerable: a remote attacker
is able to upload a PHP file as well, and thereby to execute arbitrary commands
on the victim server.
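The advisory names the vulnerability class (an upload form that accepts a .php file and stores it where the web server will execute it) but ships no code. The following is an added illustration and is not logahead's own code: a hypothetical "widget" upload handler written the unrestricted way, beside a hardened version for modern PHP (7+, since random_bytes and the null-coalescing operator are used). The function names, the field name "widget" and the storage directory are assumptions.

```php
<?php
// Added example, not taken from logahead. Two handlers for a hypothetical
// widget upload form: the first is the unrestricted pattern that turns a file
// upload into remote code execution, the second is a hardened replacement.

// ---- Vulnerable pattern (do not deploy) ----------------------------------
// Trusts the client-supplied filename and writes it under the web root, so a
// POST carrying a file named shell.php becomes http://host/widgets/shell.php
// and any request to it runs attacker code on the server.
function vulnerable_widget_upload(array $file, string $webroot): string
{
    $dest = $webroot . '/widgets/' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    return $dest;
}

// ---- Hardened pattern ----------------------------------------------------
// - allow-list of extensions, matched case-insensitively on the last suffix
// - content sniffed with finfo, never trusted from $_FILES['type']
// - server-generated random name: the client controls neither name nor extension
// - stored outside the document root and served through a read-only script
// - upload-error and size checks
const WIDGET_ALLOWED = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];
const WIDGET_MAX_BYTES = 512 * 1024;

function hardened_widget_upload(array $file, string $storeDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error ' . $file['error']);
    }
    if ($file['size'] > WIDGET_MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected');
    }
    // Only the final extension is consulted ("x.php.png" is checked as "png"),
    // and the original name is discarded anyway.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(WIDGET_ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== WIDGET_ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;   // $storeDir lies outside the web root
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    chmod($dest, 0640);   // readable by the web server, never executable
    return $name;         // only the opaque name is handed back to the client
}

// Read-only delivery: maps the opaque name back to a file and sends it with a
// fixed Content-Type, so nothing under $storeDir is ever interpreted as PHP.
function serve_widget(string $name, string $storeDir): void
{
    if (!preg_match('/^[0-9a-f]{32}\.(png|jpe?g|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = rtrim($storeDir, '/') . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    header('Content-Type: ' . WIDGET_ALLOWED[$ext]);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}

// Usage from the form handler (assumed POST field "widget"):
// $name = hardened_widget_upload($_FILES['widget'], '/var/lib/blog/widgets');
```

The control that actually closes the hole is storing uploads outside the document root and serving them through serve_widget(): an extension allow-list alone can be bypassed on servers whose handler mapping keys on any suffix in the name (for instance Apache with AddHandler applied to multi-extension files), and a client-supplied MIME type is worthless as a check.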

..::[ Proof Of Concept ]::..


..::[ Disclosure Timeline ]::..

 [25/12/2006] - Public disclosure

Content of type "text/html" skipped

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -