
Re: [Full-disclosure] Multiple vulnerabilities in SimpGB



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
    <title></title>
  </head>
  <body bgcolor="#ffffff" text="#000000">
    ahaah.<br>
    Nice reply, Sparky.<br>
    MustLive, it seems you've been defaced :-)<br>
    <br>
    antisnatchor<br>
    <br>
    <blockquote style="border: 0px none;"
      cite="mid:AANLkTimeMY135vdnnpYMUMHYmohqtsztMtnKDgzyQmSf@xxxxxxxxxxxxxx"
      type="cite">
      <div style="margin-left: 40px;">
        <hr style="border-width: 1px 0pt 0pt; border-style: dotted none
          none; border-color: rgb(181, 181, 181) -moz-use-text-color
          -moz-use-text-color; height: 1px; margin: 0pt;"
          class="__pbConvHr"><br>
      </div>
      <table style="padding-top: 5px;" class="__pbConvTable">
        <tbody>
          <tr>
            <td valign="top"><img
                src="cid:part1.08010202.04070904@gmail.com"
                photoaddress="laurent.gaffie@xxxxxxxxx"
                photoname="laurent gaffie"
                name="compose-unknown-contact.jpg" height="29px"
                width="29px"></td>
            <td style="padding-left: 5px;" valign="top"><a
                moz-do-not-send="true"
                href="mailto:laurent.gaffie@xxxxxxxxx" style="color:
                rgb(0, 136, 204) ! important; text-decoration: none !
                important;">laurent gaffie</a><br>
              <font color="#888888">February 5, 2011 3:36 AM</font></td>
          </tr>
        </tbody>
      </table>
      <div style="color: rgb(136, 136, 136); margin-left: 40px;"
        __pbrmquotes="true" class="__pbConvBody"><br>
        Hey Sparky, <br>
        <br>
        One of the many, many things you didn't understand during the past
        5 years is that you should probably try to identify and fix your
        stuff on *your* website, before spamming this ML with your crap.
        <br>
        cf:<br>
        <a moz-do-not-send="true" target="_blank"
          
href="http://www.zone-h.org/mirror/id/11367858">http://www.zone-h.org/mirror/id/11367858</a><br>
        <br>
        e-tard.<br>
        <br>
        <br>
        <div>_______________________________________________<br>
          Full-Disclosure - We believe in it.<br>
          Charter: <a class="moz-txt-link-freetext" href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
          Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" href="http://secunia.com/">http://secunia.com/</a></div>
        <hr style="border-width: 1px 0pt 0pt; border-style: dotted none
          none; border-color: rgb(181, 181, 181) -moz-use-text-color
          -moz-use-text-color; height: 1px; margin: 15px 0pt 0pt;"
          class="__pbConvHr"><br>
      </div>
      <table style="padding-top: 5px;" class="__pbConvTable">
        <tbody>
          <tr>
            <td valign="top"><img
                src="cid:part1.08010202.04070904@gmail.com"
                photoaddress="mustlive@xxxxxxxxxxxxxxxxxx"
                photoname="MustLive" name="compose-unknown-contact.jpg"
                height="29px" width="29px"></td>
            <td style="padding-left: 5px;" valign="top"><a
                moz-do-not-send="true"
                href="mailto:mustlive@xxxxxxxxxxxxxxxxxx" style="color:
                rgb(0, 136, 204) ! important; text-decoration: none !
                important;">MustLive</a><br>
              <font color="#888888">February 4, 2011 10:49 PM</font></td>
          </tr>
        </tbody>
      </table>
      <div style="color: rgb(136, 136, 136); margin-left: 40px;"
        __pbrmquotes="true" class="__pbConvBody"><br>
        <div>Hello Laurent!<br>
          <br>
          You are a very "intelligent" man, as I see from this and your
          previous letter (in 2010).<br>
          <br>
          You need to take the following into account:<br>
          <br>
          1. I know better where to send.<br>
          <br>
          2. If you write shitty stuff, then it doesn't mean that others
          do the same.<br>
          <br>
          3. No need to think and state on behalf of other people - if
          it's not interesting for you, then it can be interesting for
          others.<br>
          <br>
          4. The main and obvious thing is that I have written all my
          advisories since 2006 for those people who are interested in
          them (and there are such people, as I know for sure). So if you
          or anybody else is not interested in them, just skip them (and
          there is no need to write me nonsense) - I'm writing my letters
          not for you, but for others who are interested in them and who
          thank me for my work. It's strange that such an "intelligent"
          man as you didn't understand it for the last five years :-).<br>
          <br>
          5. I don't need any non-serious letters from you, so don't
          waste your time writing to me anymore, because I've put your
          e-mail on a blacklist. Spend your time on good things.<br>
          <br>
          Best wishes &amp; regards,<br>
          MustLive<br>
          Administrator of Websecurity web site<br>
          <a class="moz-txt-link-freetext" 
href="http://websecurity.com.ua">http://websecurity.com.ua</a><br>
          <br>
          ----- Original Message ----- <br>
          From: laurent gaffie<br>
          To: MustLive<br>
          Cc: <a class="moz-txt-link-abbreviated" href="mailto:full-disclosure@xxxxxxxxxxxxxxxxx">full-disclosure@xxxxxxxxxxxxxxxxx</a> ;
          <a class="moz-txt-link-abbreviated" href="mailto:bugtraq@xxxxxxxxxxxxxxxxx">bugtraq@xxxxxxxxxxxxxxxxx</a><br>
          Sent: Wednesday, January 26, 2011 5:09 PM<br>
          Subject: Re: [Full-disclosure] Multiple vulnerabilities in
          SimpGB<br>
          <br>
          <br>
          Send your shitty stuff to <a class="moz-txt-link-abbreviated" href="mailto:bugtraq@xxxxxxxxxxxxxxxxx">bugtraq@xxxxxxxxxxxxxxxxx</a><br>
          <br>
          If it's not obvious, no one gives a shit here, seriously.<br>
          <br>
          <br>
          <br>
          2011/1/27 MustLive <a class="moz-txt-link-rfc2396E" href="mailto:mustlive@xxxxxxxxxxxxxxxxxx">&lt;mustlive@xxxxxxxxxxxxxxxxxx&gt;</a><br>
          <br>
          Hello list!<br>
          <br>
          I want to warn you about Cross-Site Scripting, Brute Force,
          Insufficient<br>
          Anti-automation and Abuse of Functionality vulnerabilities in
          SimpGB.<br>
          <br>
          -------------------------<br>
          Affected products:<br>
          -------------------------<br>
          <br>
          Vulnerable are SimpGB v1.49.02 and previous versions.<br>
          <br>
          ----------<br>
          Details:<br>
          ----------<br>
          <br>
          XSS (WASC-08):<br>
          <br>
          POST request to the page <a class="moz-txt-link-freetext" href="http://site/guestbook.php">http://site/guestbook.php</a> in the parameters
          poster, postingid and location of the Preview function. If a captcha is
          used in the guestbook, then a working captcha code is required for the
          attack. Or via GET request:<br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/guestbook.php?layout=Til&amp;lang=en&amp;mode=add&amp;postingid=1&amp;poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;input_text=111111111111111111111111111111&amp;preview=preview">http://site/guestbook.php?layout=Til&amp;lang=en&amp;mode=add&amp;postingid=1&amp;poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;input_text=111111111111111111111111111111&amp;preview=preview</a><br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/guestbook.php?layout=Til&amp;lang=en&amp;mode=add&amp;postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;poster=1&amp;input_text=111111111111111111111111111111&amp;preview=preview">http://site/guestbook.php?layout=Til&amp;lang=en&amp;mode=add&amp;postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;poster=1&amp;input_text=111111111111111111111111111111&amp;preview=preview</a><br>
          <br>
<a class="moz-txt-link-freetext" 
href="http://site/guestbook.php?layout=Til&amp;lang=en&amp;mode=add&amp;postingid=1&amp;poster=1&amp;location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;input_text=111111111111111111111111111111&amp;preview=preview">http://site/guestbook.php?layout=Til&amp;lang=en&amp;mode=add&amp;postingid=1&amp;poster=1&amp;location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;input_text=111111111111111111111111111111&amp;preview=preview</a><br>
          <br>
          Brute Force (WASC-11):<br>
          <br>
          <a class="moz-txt-link-freetext" href="http://site/admin/index.php">http://site/admin/index.php</a><br>
          <br>
          Insufficient Anti-automation (WASC-21):<br>
          <br>
          <a class="moz-txt-link-freetext" href="http://site/admin/pwlost.php">http://site/admin/pwlost.php</a><br>
          <br>
          In this functionality there is no protection against automated
          requests (captcha).<br>
          <br>
          Abuse of Functionality (WASC-42):<br>
          <br>
          <a class="moz-txt-link-freetext" href="http://site/admin/pwlost.php">http://site/admin/pwlost.php</a><br>
          <br>
          In this functionality it's possible to retrieve logins.<br>
          <br>
          ------------<br>
          Timeline:<br>
          ------------<br>
          <br>
          2010.11.17 - announced at my site.<br>
          2010.11.19 - informed developers.<br>
          2011.01.25 - disclosed at my site.<br>
          <br>
          I mentioned these vulnerabilities at my site
          (<a class="moz-txt-link-freetext" href="http://websecurity.com.ua/4690/">http://websecurity.com.ua/4690/</a>).<br>
          <br>
          Best wishes &amp; regards,<br>
          MustLive<br>
          Administrator of Websecurity web site<br>
          <a class="moz-txt-link-freetext" href="http://websecurity.com.ua">http://websecurity.com.ua</a><br>
          <br>
          <br>
        </div>
        <hr style="border-width: 1px 0pt 0pt; border-style: dotted none
          none; border-color: rgb(181, 181, 181) -moz-use-text-color
          -moz-use-text-color; height: 1px; margin: 15px 0pt 0pt;"
          class="__pbConvHr"><br>
      </div>
    </blockquote>
  </body>
</html>
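The three GET proof-of-concept URLs in MustLive's advisory above target two attribute contexts (postingid and location, whose payloads start with %22%3E, i.e. a closing quote and bracket) and one text context (poster). What follows is an added example, not SimpGB's code and not part of any message in this thread. SimpGB's real preview template is not on the page, so render_preview_vulnerable() is a hypothetical stand-in that reflects those three parameters the way the payloads imply; render_preview_fixed() is the same template with every value HTML-encoded for its context; and check_urls() parses the advisory's own URLs and reports which parameters come back unescaped.

```python
"""Reflection check for the guestbook.php preview XSS described in the advisory.

Added example; not SimpGB's code. SimpGB's real preview template is not on the page, so
render_preview_vulnerable() is a hypothetical stand-in that reflects the three parameters
named in the advisory (poster, postingid, location) the way the PoC payloads imply:
poster into page text, postingid and location into double-quoted attribute values
(those two payloads start with %22%3E, i.e. '">', to close the attribute first).
"""
import html
from urllib.parse import parse_qs, urlsplit

# The three proof-of-concept URLs from the advisory ("site" is the advisory's host placeholder).
ADVISORY_URLS = [
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1"
    "&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
    "&input_text=111111111111111111111111111111&preview=preview",
    "http://site/guestbook.php?layout=Til&lang=en&mode=add"
    "&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1"
    "&input_text=111111111111111111111111111111&preview=preview",
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1"
    "&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E"
    "&input_text=111111111111111111111111111111&preview=preview",
]

TAINTED = ("poster", "postingid", "location")   # the parameters the advisory names


def params_from_url(url):
    """Decode the query string roughly as PHP's $_GET would: percent-decoded, first value per key."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


def render_preview_vulnerable(p):
    """Hypothetical preview page that echoes the request parameters back unescaped."""
    return (
        '<form method="post" action="guestbook.php">'
        f'<input type="hidden" name="postingid" value="{p.get("postingid", "")}">'
        f'<input type="text" name="location" value="{p.get("location", "")}">'
        f'<p>Preview of entry by {p.get("poster", "")}:</p>'
        f'<p>{p.get("input_text", "")}</p>'
        '</form>'
    )


def render_preview_fixed(p):
    """Same page with every reflected value HTML-encoded; quote=True matters for the attribute contexts."""
    def e(key):
        return html.escape(p.get(key, ""), quote=True)
    return (
        '<form method="post" action="guestbook.php">'
        f'<input type="hidden" name="postingid" value="{e("postingid")}">'
        f'<input type="text" name="location" value="{e("location")}">'
        f'<p>Preview of entry by {e("poster")}:</p>'
        f'<p>{e("input_text")}</p>'
        '</form>'
    )


def reflected_unescaped(params, page):
    """Tainted parameters whose decoded payload appears verbatim in the response body.

    A verbatim '<script>' is the signal; an encoded copy ('&lt;script&gt;') does not count.
    """
    return [k for k in TAINTED if k in params and "<script>" in params[k] and params[k] in page]


def check_urls(urls, renderer):
    """Map each PoC URL to the parameters it reflects unescaped through the given renderer."""
    result = {}
    for url in urls:
        params = params_from_url(url)
        result[url] = reflected_unescaped(params, renderer(params))
    return result


if __name__ == "__main__":
    for label, renderer in (("vulnerable", render_preview_vulnerable), ("fixed", render_preview_fixed)):
        for url, hits in check_urls(ADVISORY_URLS, renderer).items():
            print(f"{label:10} {hits or 'no reflection'}  {url[:60]}...")
```

Against a live install the same check is a GET of each URL with the response body in place of the renderer; the signal is the decoded payload appearing verbatim. That is also why the fixed renderer escapes quotes and not just angle brackets: the postingid and location payloads only need the leading `">` to leave the attribute they land in, so an encoder that leaves `"` alone would still be exploitable in those two contexts.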

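The advisory's last three items (brute force against /admin/index.php, no anti-automation on /admin/pwlost.php, and login retrieval through that same page) come with no code on the page. As an added example that is not SimpGB's code and not part of the thread, here is the detection side: a sliding-window counter over Apache combined-format access logs that flags any client IP hammering either endpoint. The log lines are constructed samples, the threshold of 10 requests in 5 minutes is illustrative, and the assumption that login attempts arrive as POSTs to /admin/index.php is mine, not the advisory's.

```python
"""Detection for the brute-force / anti-automation items in the advisory.

Added example; not SimpGB's code and not from the advisory. It counts, per client IP, requests
to the two admin endpoints the advisory names (/admin/index.php login, /admin/pwlost.php
password reset) inside a sliding time window and flags the IPs that cross a threshold.
Assumptions: Apache combined log format, login attempts arrive as POSTs, and the
10-requests-in-5-minutes threshold is illustrative. The sample log is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# endpoint -> methods worth counting (assumed: SimpGB's login form is submitted by POST)
WATCHED = {"/admin/index.php": ("POST",), "/admin/pwlost.php": ("GET", "POST")}


def parse_line(line):
    """Parse one combined-format line; returns None for anything that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],   # drop the query string before matching
        "status": int(m.group("status")),
    }


def detect_automation(lines, window=timedelta(minutes=5), threshold=10):
    """Return {(ip, path): peak requests seen inside one window} for pairs that reach the threshold."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps still inside the window
    hits = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["path"] not in WATCHED or ev["method"] not in WATCHED[ev["path"]]:
            continue
        key = (ev["ip"], ev["path"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:    # evict timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            hits[key] = max(hits.get(key, 0), len(q))
    return hits


def _line(ip, ts, method, path, status=200):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'


def build_sample_log():
    """Constructed sample traffic (not real logs): one IP hammering the login form, one
    scripting pwlost.php, an admin mistyping a password a few times, and a guestbook visitor."""
    t0 = datetime(2011, 1, 26, 15, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(12):                       # 12 login POSTs within two minutes
        lines.append(_line("198.51.100.7", t0 + timedelta(seconds=10 * i), "POST", "/admin/index.php"))
    for i in range(11):                       # 11 reset requests within four minutes
        lines.append(_line("203.0.113.5", t0 + timedelta(seconds=22 * i), "GET", f"/admin/pwlost.php?user=u{i}"))
    for i in range(3):                        # three failed logins from a real admin
        lines.append(_line("192.0.2.10", t0 + timedelta(minutes=i), "POST", "/admin/index.php", 302))
    lines.append(_line("192.0.2.11", t0 + timedelta(seconds=5), "GET", "/guestbook.php?layout=Til&lang=en"))
    lines.sort(key=lambda l: l.split("[", 1)[1][:20])   # interleave by timestamp, like a real log
    return lines


if __name__ == "__main__":
    for (ip, path), peak in detect_automation(build_sample_log()).items():
        print(f"{ip} -> {path}: {peak} requests in one window")
```

The counter deliberately keys on IP and path rather than on response status, because the advisory says nothing about how SimpGB answers a failed login or a bogus reset request; if your install does return a distinguishable status, adding it to the filter will cut false positives from a legitimate admin retrying a password.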