Securityvulns: Most viewed

47153 matches found

securityvulns
added 2005/12/13 12:0 a.m. | 166715 views

Guestserver guestbook system vulnerabilities

The poor security and input validation at Guestserver versions below 5 there are still lots of them out there allow all HTML tags inside a message and it can be exploited as much as you want to. http://www.stud.ntnu.no/larsell/guestserver/ A Google Search for "Guestbook by Guestserver - v4.12" fo...

AI score: 2.3
Exploits: 0

securityvulns
added 2007/05/08 12:0 a.m. | 84556 views

[Full-disclosure] Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability

netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...

CVSS: 5.1 | AI score: 0.7 | EPSS: 0.10254
Exploits: 2

securityvulns
added 2003/03/22 12:0 a.m. | 71264 views

Advanced Guestbook

Product : Advanced Guestbook Version : 2.3.1 WebSite : http://www.proxy2.de Problem : phpinfo Description: ------------ phpinfo.php =========== ?php phpinfo; ? =========== Exploit: -------- http://somehost/book/phpinfo.php...

AI score: 0.5
Exploits: 0

securityvulns
added 2003/10/28 12:0 a.m. | 59816 views

New Vulnerability

I would like to submit a vulnerability that I just recently discovered. I have already contacted the vendor of the software that I discovered the bug in, but they have not gotten back to me. There are two Code Injection/CSS vulnerabilities that exist in Guestbook Version 1.51 by Chi Kien Uong...

AI score: 0.5
Exploits: 0

securityvulns
added 2011/12/04 12:0 a.m. | 53091 views

WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities

---------------------------------------------------- WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities ---------------------------------------------------- author............: Egidio Romano aka EgiX mail..............: n0b0d13satgmaildotcom software link.....: http://wikkawiki.org/...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.63617
Exploits: 17

securityvulns
added 2007/03/09 12:0 a.m. | 37538 views

Lazarus Guestbook (admin.php) Remote File Include Exploit

Lazarus Guestbook admin.php Remote File Include Exploit D.Script: http://www.carbonize.co.uk Dork: "Powered by Lazarus Guestbook from carbonize.co.uk" Discovered by Crackman Homepage: http://www.b0rizq.biz Greetz To :B0rizq & redcasper & Draknaz kaiba & brokenproxy and all friend Exploit:...

AI score: 0.6
Exploits: 0

securityvulns
added 2013/10/03 12:0 a.m. | 28270 views

Cross-Site Scripting (XSS) in WikkaWiki

Advisory ID: HTB23170 Product: WikkaWiki Vendor: Wikka Development Team Vulnerable Versions: 1.3.4 and probably prior Tested Version: 1.3.4 Vendor Notification: August 21, 2013 Vendor Patch: August 31, 2013 Public Disclosure: September 11, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00984
Exploits: 3

securityvulns
added 2006/06/02 12:0 a.m. | 26983 views

Vulnerability in Sad Raven's guestbook

Good day. I recently found a vulnerability in Sad Raven's guestbook version 1.1 that allows any user to gain access to the admin center. I apologize in advance if someone has already found this vulnerability, but I did not find any mention of it anywhere. Everyone only talks about the fact that the passwords...

AI score: 1
Exploits: 0

securityvulns
added 2004/07/09 12:0 a.m. | 26546 views

Sad Raven's Guestbook version 1.2 vuln

Greetings! If you are interested, I have discovered a vulnerability in Sad Raven's Guestbook version 1.2. It is as follows: if you set a correctly crafted cookie on your machine, you can log in to the admin interface, partially bypassing authorization! The cookie must be in the following format: na...

AI score: 7.1
Exploits: 0

securityvulns
added 2010/12/28 12:0 a.m. | 22496 views

Multiple Vulnerabilities in OpenClassifieds 1.7.0.3

I understand that this is a vain hope that bugtraq will start posting something useful. Author: Michael Brooks Rook Application: OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain: captcha bypass-sqliinsert-persistent xss on front page If registration is...

AI score: 8.1
Exploits: 0

securityvulns
added 2003/03/22 12:0 a.m. | 18661 views

Sad-Raven GuestBook

Product : Sad-Raven GuestBook Version : 1.1 WebSite : http://www.sad-raven.ru Problem : Admin access rus Description: ------------ If you look at the admin.php file, you can see the following lines: admin.php ========= ... if fileexists"passwd.dat" && $QUERYSTRING != "": require "passwd.dat";...

AI score: 7.1
Exploits: 0

securityvulns
added 2007/01/17 12:0 a.m. | 15501 views

vulnerability script indexu all versions

vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1| in upgrade.php...

AI score: 0.3
Exploits: 0

securityvulns
added 2006/06/02 12:0 a.m. | 14008 views

[SA20408] REDAXO "REX[INCLUDE_PATH]" File Inclusion Vulnerabilities

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

AI score: 1.1
Exploits: 0

securityvulns
added 2012/07/23 12:0 a.m. | 13205 views

MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities

Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities Advisory ID: SSCHADV2012-017 Author: Stefan Schurtz Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1 Vendor URL: http://www.m-gb.org Vendor Status: fixed ========================== Vulnerability...

Exploits: 0

securityvulns
added 2008/05/02 12:0 a.m. | 12961 views

vlBook 1.21 (ALL VERSION)

---------------------------------------------------------------- Script : vlBook 1.21 ALL VERSION Type : Multiple Remote Vulnerabilities LFI/XSS ---------------------------------------------------------------- Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani...

AI score: 1.2
Exploits: 0

securityvulns
added 2003/12/22 12:0 a.m. | 12571 views

Several vulnerabilities in Sad Raven's Guestbook

Several vulnerabilities in Sad Raven's Guestbook Program: Sad Raven's Guestbook Vendor site: www.sad-raven.ru Vulnerable version: 1.1 Severity: low Found by: MORPFEY Exploit available: Yes Date: 20.12.2003 Description: In the guestbook it is possible to reply in the name of the Administrator. Exploit: In the field...

AI score: 7.1
Exploits: 0

securityvulns
added 2010/11/04 12:0 a.m. | 11898 views

Reset admin password in SweetRice CMS

Vulnerability ID: HTB22669 Reference: http://www.htbridge.ch/advisory/resetadminpasswordinsweetricecms.html Product: SweetRice CMS Vendor: basic-cms.org http://www.basic-cms.org/ Vulnerable Version: 0.6.7 Vendor Notification: 21 October 2010 Vulnerability Type: Logic error Status: Not Fixed, Vend...

Exploits: 0

securityvulns
added 2006/06/23 12:0 a.m. | 11271 views

vlbook 1.2 XSS Attack

vlBook 1.02 Advisory ==================== Date: ----- 2005 June 23 Product: -------- vlBook 1.02 © 2005 Vendor: ------- http://vlab.info/ Descriptions: ------------- The vlbook is a free, open source and light-weight guestbook written in PHP using flat files to store messages and settings. It com...

AI score: 6.2
Exploits: 0

securityvulns
added 2006/11/07 12:0 a.m. | 11197 views

Advanced Guestbook 2.3.1 (Admin.php) Remote File Include

Advanced Guestbook 2.3.1 Admin.php Remote File Include Author: BrokeN-ProXy Script : admin.php Found : www.hotscripts.com Risk : Dangerous Dork : "powered by: Advanced Guestbook 2.3.1" Exploit: www.Site.com/AGuest Path/admin.php?includepath=Shell?cmd Notice: AGuest Path may be more than One, You...

AI score: 1.6
Exploits: 0

securityvulns
added 2006/06/02 12:0 a.m. | 10936 views

[SA20372] Goss iCM "keyword" Cross-Site Scripting Vulnerability

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

AI score: 0.5
Exploits: 0

securityvulns
added 2012/07/09 12:0 a.m. | 10743 views

GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities

Title: ====== GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities Date: ===== 2012-06-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=601 VL-ID: ===== 601 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: =============...

AI score: 0.1
Exploits: 0

securityvulns
added 2006/04/09 12:0 a.m. | 9563 views

Matt Wright Guestbook Xss Script Injection

Matt Wright Guestbook Xss Script Injection ---------------------------------------------------- site:http://www.scriptarchive.com/ demo:http://www.scriptarchive.com/readme/guestbook.html -------------------------------------------------- Post This Code: scriptalert/Liz0ziM//script script...

AI score: 7.1
Exploits: 0

securityvulns
added 2008/03/02 12:0 a.m. | 9552 views

PHP-Nuke Copyright 2005 SQL

PHP-Nuke Copyright © 2005 by Francisco Burzi AUTHOR : TurkishWarriorr SiTE : http://1923turk.org MAL : [email protected] DORK : allinurl:"PHP-Nuke Copyright © 2005 by Francisco Burzi" DORK : allinurl:"gaestebuchv22&func" EXPLOIT :...

AI score: 0.7
Exploits: 0

securityvulns
added 2007/09/17 12:0 a.m. | 8863 views

Multiple vulnerabilities in Stride v1.0

Hello, 3APA3A. Software: Stride v1.0 Content Management System, Merchant, Courses Vendor: www.scottmanktelow.com Vulnerability: multiple vulnerabilities Risk: high Date: 16.09.2007 discovered by durito -duritoatmaildotru- HTTP: durito.narod.ru +:| Details |: SQL injections +:| Exploit |:...

AI score: 0.4
Exploits: 0

securityvulns
added 2007/03/12 12:0 a.m. | 8157 views

Remote File Include In ClipShare.v1.5.3

By Hasadya Raed Contact : RaeD At BsdMail Dot Com / GunManPump At Hotmail Dot Com ---------------------------------------------------------------------------------------------------- Script : ClipShare.v1.5.3 Dork : "Copyright © 2006 Powered By Clip-Share.Com. All rights reserved"...

AI score: 0.3
Exploits: 0

securityvulns
added 2008/01/02 12:0 a.m. | 7763 views

Local file include, Directory traversal and Full path disclosure in WordPress

Hello 3APA3A! I am reporting Local file include, Directory traversal and Full path disclosure vulnerabilities that I found in WordPress. The holes are in the files index.php, link-manager.php, link-add.php, link-categories.php, link-import.php, theme-editor.php, plugins.php, plugin-editor.php, profile.php,...

AI score: 7.1
Exploits: 0

securityvulns
added 2006/04/10 12:0 a.m. | 7525 views

[Full-disclosure] phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2

Source: http://securityreason.com/achievementsecurityalert/34 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpinfo Cross Site Scripting PHP 5.1.2 and 4.4.2 Author: Maksymilian Arciemowicz cXIb8O3 Date: - -Written: 26.2.2006 - -Public: 8.4.2006 from SecurityReason.Com CVE-2006-0996 - ---...

CVSS: 4.3 | EPSS: 0.18154
Exploits: 1

securityvulns
added 2013/07/19 12:0 a.m. | 7434 views

Multiple vulnerabilities in Googlemaps plugin for Joomla

Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla. ------------------------- Affected products: ------------------------- Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and...

AI score: 1
Exploits: 0

securityvulns
added 2007/02/23 12:0 a.m. | 7150 views

DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable

DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable Found by: Kiba Solution: Install security Fix! Exploit: http://SITE/PATH/inc/filebrowser/browser.php?file=inc/mysql.php Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php...

AI score: 0.6
Exploits: 0

securityvulns
added 2007/06/27 12:0 a.m. | 7018 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 6.5 | AI score: 1.5 | EPSS: 0.01974
Exploits: 0 | References: 5 | Affected Software: 5

securityvulns
added 2007/08/28 12:0 a.m. | 6972 views

SQL injection in ActiveKB v1.5

Hello, 3APA3A. Software: ActiveKB v1.5 Vendor: www.interspire.com Vulnerability: multiple SQL injections Risk: medium Date: 27.08.2007 discovered by durito damagelab -duritoatmaildotru- HTTP: durito.narod.ru +:| Details |: SQL injections +:| Exploit |:...

Exploits: 0

securityvulns
added 2006/06/22 12:0 a.m. | 6891 views

IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox = 1.1 gorumDir Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper a.k.a Rahim $$ $$ Contact:...

Exploits: 0

securityvulns
added 2008/10/26 12:0 a.m. | 6690 views

FireGPG Passphrase And Cleartext Vulnerability

======================================================================== Vulnerability Affecting FireGPG Passphrase and Cleartext Recovery 10/20/2008 Abstract FireGPG is a Firefox extension that provides a front-end to GPG, allowing webmail users to conveniently exchange GPG messages from Firefox...

AI score: 6.5
Exploits: 0

securityvulns
added 2007/07/06 12:0 a.m. | 6616 views

SQL injection in enVivo!CMS

Hello, 3APA3A. Software: enVivo!CMS Vendor: www.envivosoft.com Vulnerability: SQL injection Risk: high Date: 6.07.2007 discovered by durito damagelab -duritoatmaildotru- HTTP: durito.narod.ru www.damagelab.org +:| Details |: SQL injection in the default.asp script +:| Exploit |:...

AI score: 0.2
Exploits: 0

securityvulns
added 2007/05/12 12:0 a.m. | 6441 views

[Full-disclosure] Teamspeak Server 2.0.20.1 Vulnerabilities

Hi everyone, several months ago I discovered some vulnerabilities in TeamSpeak Server WebAdmin interface. I sent the advisory and exploit to the developers about two months ago 11 03 2007, but the server is still vulnerable, today. Affected software: Teamspeak Server 2.0.20.1 Looks like the beta...

AI score: 0.7
Exploits: 0

securityvulns
added 2008/10/24 12:0 a.m. | 6432 views

Smarty 2.6.20 php injection

On 2008-10-22 Secunia.com found a vulnerability in the expandquotedtext function, full text http://secunia.com/Advisories/32329/. The developers tried to fix the vulnerability, as can be seen from their code http://smarty-php.googlecode.com/svn/trunk/libs/SmartyCompiler.class.php, by escaping the character...

AI score: 7.1
Exploits: 0

securityvulns
added 2007/11/22 12:0 a.m. | 6401 views

Vulnerability in ExpressionEngine

Hello 3APA3A! I am reporting an HTTP Response Splitting vulnerability that I found in the ExpressionEngine system. It can be used, in particular, to carry out a Cross-Site Scripting attack. XSS: Vulnerability in the index.php script in the URL parameter...

Exploits: 0

securityvulns
added 2007/12/26 12:0 a.m. | 6375 views

Vulnerabilities in PRO-search

Hello 3APA3A! I am reporting Cross-Site Scripting and Denial of Service vulnerabilities that I found in PRO-search. XSS: Vulnerabilities on the main page in the parameters prot, host, path, name, ext, size, searchdays, showpage. http://site/?prot=223E3Cscript3Ealertdocument.cookie3C/script3E...

AI score: 6.6
Exploits: 0

securityvulns
added 2011/08/17 12:0 a.m. | 6373 views

{Lostmon's Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection

Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection Vendor URL: http://www.elgg.org/ Advisory: http://lostmon.blogspot.com/2011/08/elgg-18-beta2-and-prior-to-1711.html Vendor notify: YES exploit available: YES Description By vendor Elgg is an award-winning social...

AI score: 0.7
Exploits: 0

securityvulns
added 2007/12/29 12:0 a.m. | 6301 views

Local file include, Directory traversal and Full path disclosure in WordPress

Hello 3APA3A! I am reporting Local file include, Directory traversal and Full path disclosure vulnerabilities that I found in WordPress. The holes are in the file admin.php, parameter import, and themes.php, parameter page. Full path disclosure: http://site/wp-admin/admin.php?import=....wp-config...

AI score: 7.1
Exploits: 0

securityvulns
added 2008/11/10 12:0 a.m. | 6261 views

Multiple remote vulnerabilities MoinMoin v1.80

=============================================================== !vuln MoinMoin v1.5.9 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. MoinMoin v1.80 is also affected to a lesser extent. Other versions may also be affected...

AI score: 1.7
Exploits: 0

securityvulns
added 2007/12/28 12:0 a.m. | 6248 views

Directory traversal, Arbitrary file deletion, DoS and XSS in WordPress

Hello 3APA3A! I am reporting Directory traversal, Arbitrary file deletion, Denial of Service and Cross-Site Scripting vulnerabilities that I found in WordPress. The holes are in the file wp-db-backup.php, in the WordPress Database Backup plugin. Last year a Directory traversal vulnerability was found in this...

AI score: 0.3
Exploits: 0

securityvulns
added 2009/04/17 12:0 a.m. | 6049 views

webSPELL 4.2.0c--XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY--

webSPELL 4.2.0c XSS BYPASS BBCODE COOKIES STEALING VULNERABILITY ---------------- CMS INFORMATION: ---------------- --WEB: http://www.webspell.org/ affected too --DOWNLOAD: http://www.webspell.org/download.php?fileID=22 --DEMO: http://www.webspell.org/index.php?site=demo --CATEGORY: CMS / Portals...

AI score: 6.3
Exploits: 0

securityvulns
added 2008/01/02 12:0 a.m. | 5963 views

Arbitrary file edit, Local file include, Directory traversal and Full path disclosure in WordPress

Hello 3APA3A! I am reporting Arbitrary file edit, Local file include, Directory traversal and Full path disclosure vulnerabilities that I found in WordPress. The holes are in the file templates.php in the parameters file and page, and in the files edit-pages.php, categories.php, edit-comments.php, moderation.php, post.php and...

Exploits: 0

securityvulns
added 2004/04/20 12:0 a.m. | 5952 views

phpBB modified by Przemo arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --====----====----====----====----====----====----====----====----====----===-- Product: phpBB modified by Przemo Version: v1.8 Vendor: http://przemo.org/phpBB2/ Discover by: Officerrr officerrr at poligon.com.pl Vendor Response: Not contacted yet...

AI score: 1
Exploits: 0

securityvulns
added 2007/12/30 12:0 a.m. | 5815 views

New Local file include, Directory traversal and Full path disclosure in WordPress

Hello 3APA3A! I am reporting new Local file include, Directory traversal and Full path disclosure vulnerabilities that I found in WordPress. The holes are in the files edit.php and admin.php in the page parameter. Full path disclosure: http://site/wp-admin/edit.php?page= http://site/wp-admin/admin.php?page= These...

AI score: 7.1
Exploits: 0

securityvulns
added 2007/12/02 12:0 a.m. | 5778 views

MoBiC-29 Bonus: XSS in WP-ContactForm

Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities that I found in the WP-ContactForm plugin, the new version with a built-in captcha. This is a plugin for WordPress. In total there are 6 XSS vulnerabilities on the plugin options page http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php...

AI score: 5.8
Exploits: 0

securityvulns
added 2008/11/21 12:0 a.m. | 5759 views

boastMachine v3.1 Remote Sql Injection

boastMachine v3.1 Remote Sql Injection AUTHOR : R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : www.boastology.com DORK : Powered by boastMachine v3.1 Bug...

AI score: 2.8
Exploits: 0

securityvulns
added 2007/06/15 12:0 a.m. | 5689 views

smf 1.1.2 vulnerabilities

Simple Machines Forum 1.1.2 http://www.simplemachines.org/ 1 weak implementation of the audio captcha: in this engine the audio captcha is implemented by sending the browser a sound file in WAV format; the file is created by concatenating several files with different sounds in random order, and serves...

AI score: 7.2
Exploits: 0

securityvulns
added 2007/02/20 12:0 a.m. | 5624 views

WMF File Denial Of Service

WMF File Denial Of Service The program "Microsoft Office Word 2003" hangs when inserting a special picture from a file in WMF format The program "IrfanView" hangs when opening a file in WMF format Tested: Microsoft Office Word 2003 11.6568.8122 SP2 IrfanView 3.99 Windows XP SP2...

AI score: 2.7
Exploits: 0

Total number of security vulnerabilities: 5000