Search...

TinyMuw v1.0 - XSS

2006-06-10T00:00:00

ID SECURITYVULNS:DOC:13071
Type securityvulns
Reporter Securityvulns
Modified 2006-06-10T00:00:00

Description

TinyMuw v1.0

Homepage: http://www.l0j1k.com/tinyMuw/index.php

Effected files: quickchat.php input box videoPage.php

Input isn't sanatized before being generated in the quickchat.php chatbox. For PoC try putting: <IMG SRC=javascript:alert('XSS')> in as your comment.

Full path disclosure error via URL Injection:

http://www.example.com/tinyMuw/videoPage.php?id=28'

Fatal error: Using $this when not in object context in /home/user/public_html/tinyMuw/tinyMuw/video.php on line 18

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:13071", "bulletinFamily": "software", "title": "TinyMuw v1.0 - XSS", "description": "TinyMuw v1.0\r\n\r\nHomepage:\r\nhttp://www.l0j1k.com/tinyMuw/index.php\r\n\r\nEffected files:\r\nquickchat.php input box\r\nvideoPage.php\r\n\r\nInput isn't sanatized before being generated in the quickchat.php chatbox. For PoC try putting:\r\n<IMG SRC=javascript:alert('XSS')> in as your comment.\r\n\r\nFull path disclosure error via URL Injection:\r\n\r\nhttp://www.example.com/tinyMuw/videoPage.php?id=28'\r\n\r\nFatal error: Using $this when not in object context in\r\n/home/user/public_html/tinyMuw/tinyMuw/video.php on line 18 ", "published": "2006-06-10T00:00:00", "modified": "2006-06-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13071", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:17", "edition": 1, "viewCount": 23, "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2018-08-31T11:10:17", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-13071", "CVE-2014-2595", "CVE-2017-13071", "CVE-2018-13071", "CVE-2015-9286", "CVE-2016-9376", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "zdt", "idList": ["1337DAY-ID-32967"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153581"]}, {"type": "archlinux", "idList": ["ASA-201611-24", "ASA-201611-25", "ASA-201611-23"]}, {"type": "openbugbounty", "idList": ["OBB:156432"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:17", "rev": 2}, "vulnersScore": 4.8}, "affectedSoftware": []}

{"rst": [{"lastseen": "2020-12-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **92[.]118.150.24** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **30**.\n First seen: 2020-12-18T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 92.118.149.0, Last IP 92.118.151.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Gdask\", Country \"Poland\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-18T00:00:00", "id": "RST:23400957-DDDF-3892-A420-CB4793AE6334", "href": "", "published": "2020-12-25T00:00:00", "title": "RST Threat feed. IOC: 92.118.150.24", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-24T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **195[.]123.242.198** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **31**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-24T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 195.123.232.0, Last IP 195.123.247.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Los Angeles\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-21T00:00:00", "id": "RST:DDE2B8EE-4141-32FD-89AB-ED771D8DC8B1", "href": "", "published": "2020-12-25T00:00:00", "title": "RST Threat feed. IOC: 195.123.242.198", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **195[.]123.247.170** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2020-12-19T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 195.123.232.0, Last IP 195.123.247.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Prague\", Country \"Czechia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-19T00:00:00", "id": "RST:07350054-BA9C-3E3E-86A2-696102FEB5A3", "href": "", "published": "2020-12-22T00:00:00", "title": "RST Threat feed. IOC: 195.123.247.170", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **195[.]123.247.181** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2020-12-19T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 195.123.232.0, Last IP 195.123.247.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Prague\", Country \"Czechia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-19T00:00:00", "id": "RST:97B25CCA-1B0A-322E-9838-C2BD7A8FE645", "href": "", "published": "2020-12-22T00:00:00", "title": "RST Threat feed. IOC: 195.123.247.181", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **195[.]123.247.210** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2020-12-19T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 195.123.232.0, Last IP 195.123.247.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Prague\", Country \"Czechia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-19T00:00:00", "id": "RST:64BA9D05-D958-3065-8F19-2EC1D945956A", "href": "", "published": "2020-12-22T00:00:00", "title": "RST Threat feed. IOC: 195.123.247.210", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **195[.]123.247.212** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **34**.\n First seen: 2020-12-06T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 195.123.232.0, Last IP 195.123.247.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Prague\", Country \"Czechia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-06T00:00:00", "id": "RST:98F80BD8-C499-3C83-B4C9-50E80C523F6F", "href": "", "published": "2020-12-22T00:00:00", "title": "RST Threat feed. IOC: 195.123.247.212", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **45[.]90.58.42** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **6**.\n First seen: 2020-06-15T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 45.90.56.0, Last IP 45.90.59.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Geneva\", Country \"Switzerland\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-06-15T00:00:00", "id": "RST:D0526783-3FE9-3D5A-8B9F-C9DFCF0E6097", "href": "", "published": "2020-12-22T00:00:00", "title": "RST Threat feed. IOC: 45.90.58.42", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **107[.]181.174.74** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **2**.\n First seen: 2019-11-07T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 107.181.174.0, Last IP 107.181.174.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-11-07T00:00:00", "id": "RST:C58B5F7B-9E31-3812-B3B2-9DCEA678B6D1", "href": "", "published": "2020-12-22T00:00:00", "title": "RST Threat feed. IOC: 107.181.174.74", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **45[.]90.58.251** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 45.90.56.0, Last IP 45.90.59.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Geneva\", Country \"Switzerland\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-21T00:00:00", "id": "RST:886723F8-0CE0-31AA-A3B9-CEF349F87A8D", "href": "", "published": "2020-12-21T00:00:00", "title": "RST Threat feed. IOC: 45.90.58.251", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-21T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **195[.]123.240.2** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 204957: (First IP 195.123.232.0, Last IP 195.123.247.255).\nASN Name \"LAYER6\" and Organisation \"\".\nASN hosts 13071 domains.\nGEO IP information: City \"Los Angeles\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-21T00:00:00", "id": "RST:0F3F614A-05D5-3EBF-B81E-E0504E0C2E1B", "href": "", "published": "2020-12-21T00:00:00", "title": "RST Threat feed. IOC: 195.123.240.2", "type": "rst", "cvss": {}}]}