Posts Tagged ‘warning’

Artiphp CMS 5.5.0 Database Backup Disclosure Exploit

Artiphp stores database backups created by the backupDB() utility under a predictable file name inside the web root, which can be exploited to disclose sensitive information by downloading the file. The backup is located in the ‘/artzone/artpublic/database/’ directory with the filename ‘db_backup_[type].[yyyy-mm-dd].sql.gz’.

Advisory ID: ZSL-2012-5091
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php
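
For administrators checking their own installation, the following added example (not part of the advisory or of Artiphp) walks a local web root and reports every file matching the naming scheme above. The backup type names, the extra `old/` directory and the file contents in `demo()` are constructed sample data.

```python
import re
import tempfile
from datetime import date
from pathlib import Path

# Naming scheme from the advisory: db_backup_[type].[yyyy-mm-dd].sql.gz
BACKUP_RE = re.compile(r"db_backup_([^./]+)\.(\d{4}-\d{2}-\d{2})\.sql\.gz")
# Directory named in the advisory, relative to the web root.
ADVISORY_DIR = "artzone/artpublic/database"


def find_exposed_backups(web_root):
    """Return [(relative_path, backup_type, backup_date, in_advisory_dir)], sorted by path."""
    root = Path(web_root)
    findings = []
    for path in root.rglob("db_backup_*.sql.gz"):
        match = BACKUP_RE.fullmatch(path.name)
        if match is None or not path.is_file():
            continue
        try:
            day = date.fromisoformat(match.group(2))
        except ValueError:  # digits fit the pattern but are not a real date
            continue
        rel = path.relative_to(root).as_posix()
        findings.append((rel, match.group(1), day, rel.startswith(ADVISORY_DIR + "/")))
    return sorted(findings)


def demo():
    """Run the audit over a constructed web root (sample files, not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        db_dir = root / ADVISORY_DIR
        db_dir.mkdir(parents=True)
        (db_dir / "db_backup_full.2012-05-01.sql.gz").write_bytes(b"constructed")
        (db_dir / "db_backup_full.2012-13-45.sql.gz").write_bytes(b"bad date")
        (db_dir / "index.php").write_text("<?php // unrelated file")
        (root / "old").mkdir()
        (root / "old" / "db_backup_data.2011-12-31.sql.gz").write_bytes(b"constructed")
        return find_exposed_backups(root)


if __name__ == "__main__":
    for rel, kind, day, known_dir in demo():
        print(f"EXPOSED {rel} type={kind} date={day} advisory_dir={known_dir}")
```

Any hit means a database dump is reachable by URL; move it outside the web root or deny HTTP access to that directory.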

Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities

Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Dork: “intext:Powered by Anchor, version 0.6”

Advisory ID: ZSL-2012-5085
Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5085.php

BGS CMS v2.2.1 Multiple Stored Cross-Site Scripting Vulnerabilities

BGS CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method (post-auth). Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Dork: footer: “powered by BGS CMS”

Advisory ID: ZSL-2012-5084
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5084.php

phpList 2.10.17 Remote SQL Injection and XSS Vulnerability

Input passed via the ‘sortby’ parameter is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The ‘num’ parameter is vulnerable to an XSS issue where the attacker can execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Vendor status:

[05.03.2012] Vulnerabilities discovered.
[19.03.2012] Submitted details to the vendor’s bug tracking system.
[19.03.2012] Vendor investigates, confirms and fixes the issues.
[19.03.2012] Sent patch release coordination to the vendor.
[21.03.2012] Vendor releases version 2.10.18 to address these issues.
[21.03.2012] Coordinated public security advisory released.

Advisory ID: ZSL-2012-5081
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php

Vendor Advisory: https://www.phplist.com/?lid=567
https://mantis.phplist.com/view.php?id=16557

Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities

Zend Server and its components suffer from a cross-site scripting vulnerability. The persistent (stored) XSS issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Original Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5078.php
TXT: http://www.zeroscience.mk/codes/zend_s03.txt
HTML: http://www.zeroscience.mk/codes/zend_s03.html

Vendor: http://www.zend.com/topics/ZS-560-SP1-ReleaseNotes-20120308.txt

Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities

Input passed via the parameters ‘entSortOrder’ and ‘entSort’ in the ‘ent_i.jsp’ script is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The parameters ‘startTime’ and ‘endTime’ in ‘ent_i.jsp’ are vulnerable to an XSS issue where the attacker can execute arbitrary HTML and script code in a user’s browser session in context of an affected site. The parameter ‘userID’ in ‘usr_ent.jsp’ and ‘usr_t.jsp’ is vulnerable to HTTP Response Splitting, which can be exploited to insert arbitrary HTTP headers that are included in a response sent to the user.

Advisory ID: ZSL-2012-5077
Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5077.php
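
Sort parameters such as ‘entSort’ / ‘entSortOrder’ here and ‘sortby’ in the phpList entry above end up as SQL identifiers and keywords, which bound placeholders cannot carry, so the usual fix is an allow-list. The following is an added example of that mitigation, not code from either vendor or from the advisories; the table, the column names and the `list_users` helper are hypothetical.

```python
import sqlite3

# Hypothetical sortable columns; the advisories do not describe the real schema.
SORTABLE = {"id": "id", "email": "email", "entered": "entered"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(sort_param, order_param, default="id"):
    """Map request parameters to a fixed ORDER BY clause; unknown input falls back."""
    column = SORTABLE.get((sort_param or "").strip().lower(), default)
    direction = DIRECTIONS.get((order_param or "").strip().lower(), "ASC")
    # Only strings taken from the two dictionaries above ever reach the SQL text.
    return f"ORDER BY {column} {direction}"


def list_users(conn, sort_param, order_param, domain):
    """Values use placeholders; the sort clause comes from the allow-list."""
    sql = ("SELECT id, email FROM users WHERE email LIKE ? "
           + build_order_by(sort_param, order_param))
    return conn.execute(sql, (f"%@{domain}",)).fetchall()


def sample_db():
    """Constructed in-memory table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, entered TEXT)")
    conn.executemany(
        "INSERT INTO users (email, entered) VALUES (?, ?)",
        [("carol@example.org", "2012-03-01"),
         ("alice@example.org", "2012-03-05"),
         ("bob@example.net", "2012-03-02")],
    )
    return conn


if __name__ == "__main__":
    db = sample_db()
    print(list_users(db, "email", "asc", "example.org"))
    # An unrecognised sort value is ignored and the default ordering is used.
    print(list_users(db, "no_such_column, 1", "sideways", "example.org"))
```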

Fork CMS 3.2.7 Multiple HTML Code Injection Vulnerabilities

Fork CMS suffers from multiple XSS vulnerabilities when parsing user input to several parameters in different scripts, via POST and GET methods. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Advisory ID: ZSL-2012-5076
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5076.php

SQLBuddy And webgrind Multiple XSS Vulnerabilities

webgrind suffers from an XSS vulnerability when parsing user input to the ‘dataFile’ parameter via GET method in the index.php script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session.

Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5073.php
PoC: http://www.zeroscience.mk/codes/webgrind_xss.txt

SQL Buddy suffers from an XSS vulnerability when parsing user input to the ‘DATABASE’, ‘HOST’ and ‘USER’ parameters via POST method in ‘login.php’, and the ‘db’ parameter in ‘dboverview.php’ via GET method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5074.php
PoC: http://www.zeroscience.mk/codes/sqlbuddy_xss.txt

SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution

The vulnerability is caused due to the application loading libraries (wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening an Understand Project file (.UDB) located on a remote WebDAV or SMB share.

Vendor releases patch for this issue: http://scitools.com/download/latest/Understand/Understand-2.6.600-Windows-32bit.exe

Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php

ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities

ADManager Plus suffers from multiple XSS vulnerabilities when parsing user input to the ‘domainName’ parameter in the ‘/jsp/AddDC.jsp’ script via GET method and ‘operation’ parameter in the ‘/DomainConfig.do’ script via POST method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

PoC(s):

#1

– GET http://localhost:8080/jsp/AddDC.jsp?domainName="><script>alert('zsl')</script> HTTP/1.1

#2

– POST http://localhost:8080/DomainConfig.do?methodToCall=save HTTP/1.1

– DOMAIN_NAME=test&DOMAIN_CONTROLLER_NAME=testsrv&save=Add&operation="><script>alert('zsl')</script>&reset=

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php