Date: Fri, 14 Dec 2007 17:16:14 -0600
From: "Fredrick Diggle" <fdiggle@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [FDSA] The Internet - Version 4 - Multiple
	Remotely Exploitable Critical Security Vulnerabilities

#######################################################################

                             Fredrick Diggle Security Advisory

Application: The Internet
Versions: All Versions Affected
Platforms: All Platforms Affected
Bugs: XSS (Xtra Serious Software bugs)
Exploitation: Remote
Severity: Xtreme!!!!
Date: 15 Dec 2007
Credit: Fredrick Diggle

#######################################################################

1) Introduction
2) Bugs
4) Fix

#######################################################################

===============
1) Introduction
===============

Fredrick Diggle Security Services is probably the best application security
researchers on the scene this week. They have identified several hundred
thousand vulnerabilities this week for which Priv8 0dayz have been
developed. Fredrick Diggle Security Team has decided to release several of
these vulnerabilities to the community at large (Pre Vendor Release!!!!).
Fred Diggle would like to ensure that you understand this is 0DAY!!!. The
vendors are completely unaware of these vulnerabilities.

#######################################################################

=======
2) Bugs
=======

Dragonfly 9.6.0.1

  echo isset($_GET['cat']) ? '&cat=' . $_GET['cat'] : '&cat=0' <--- XSS OMG!

Gael 0.4

  echo $_GET["idel"]; <--- More XSS :/

Horde 3.1.3

  echo isset($_GET['ext']) ? $_GET['ext'] : '' <--- This is an XSS vulnerability

SQLiteManager 1.2.0

  echo $_GET["lang"] <--- Hold me... I fear

ampache 3.3.2.1

  echo "<img src=\"" . conf('web_path') . "/albumart.php?id=" . $_GET['id'] . "\" border=\"0\" />"; <--- The end is near :<

Amp 3.6.0

  echo '<tr><td colspan="6"><b class="red">'. $_GET['msg'] .'</b></td></tr>'; <--- Danger Will Robinson

Twig 2.8.3

  echo "<input type=\"hidden\" name=\"cc\" value=\"" . $_GET["cc"] . "\">\n"; <--- Fredrick Diggle is out of ideas

Fredrick Diggle would like you to note that this is a very small subset of the
0dayz that Fredrick Diggle Security Team has available. If you are rich and
would like to buy our Exploit codez Fredrick Diggle would very much like to
hear from you.


#######################################################################

======
4) Fix
======

There is no fix :> We are doomed :<

#######################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
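
The echo patterns quoted under "2) Bugs" all write request parameters into HTML without output encoding. The PHP below is an added example, not part of the original post or of any named project's code, showing the same output sites with encoding matched to each context. The helper names (`h`, `u`, `int_param`, `render_*`), the `$webPath` argument standing in for `conf('web_path')`, the assumption that `id` is an integer, and the sample input are all constructed for illustration.

```php
<?php
// Added example: output encoding for the echo patterns quoted in the advisory.
// Helper names and sample values are constructed for illustration.

// HTML body or quoted-attribute context. Non-string input (e.g. ?msg[]=x
// arrives as an array) is treated as empty instead of raising a TypeError.
function h($v): string {
    return htmlspecialchars(is_string($v) ? $v : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Query-string value inside an HTML attribute: percent-encode, then HTML-encode.
function u($v): string {
    return h(rawurlencode(is_string($v) ? $v : ''));
}

// Assumption: the id parameter is meant to be an integer, so validate it.
function int_param(array $src, string $key, int $default = 0): int {
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT);
    return $v === false ? $default : $v;
}

function render_msg(array $get): string {        // table-cell pattern (msg)
    return '<tr><td colspan="6"><b class="red">' . h($get['msg'] ?? '') . '</b></td></tr>';
}

function render_hidden(array $get): string {     // hidden-field pattern (cc)
    return '<input type="hidden" name="cc" value="' . h($get['cc'] ?? '') . "\">\n";
}

function render_albumart(array $get, string $webPath): string {  // img src pattern (id)
    return '<img src="' . h($webPath) . '/albumart.php?id=' . int_param($get, 'id') . '" border="0" />';
}

// Assumption: the cat fragment is emitted inside an HTML attribute (a link URL).
function render_cat(array $get): string {        // query-fragment pattern (cat)
    return '&amp;cat=' . (isset($get['cat']) ? u($get['cat']) : '0');
}

// Constructed input containing markup and quote characters.
$sample = ['msg' => '<b>"hi"</b>', 'cc' => 'a"b', 'id' => '12abc', 'cat' => 'x&y=1'];
echo render_msg($sample), "\n";
echo render_hidden($sample);
echo render_albumart($sample, '/ampache'), "\n";
echo render_cat($sample), "\n";
```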
