|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1005 CVE : CVE-2006-2727 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Mustafa Can Bjorn IPEKCI (nukedx nukedx com)</span> (1 replies) Published : 01.06.2006
Advisory Content : These issues have been fixed as of v3.07. v2 is not supported and should no longer be available to download. Please let me know if this is not the case. Thanks, Egg www.eggblog.net -----Original Message----- From: Mustafa Can Bjorn IPEKCI [mailto:nukedx (at) nukedx (dot) com [email concealed]] Sent: 28 May 2006 15:01 To: submit (at) milw0rm (dot) com [email concealed]; full-disclosure (at) lists.grok.org (dot) uk [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed]; egg (at) epicdesigns.co (dot) uk [email concealed] Subject: Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities --Security Report-- Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 27/05/06 06:15 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: Eggblog (http://www.eggblog.net/) Version: 3.0.6 and prior versions must be affected. About: Via this method remote attacker can inject arbitrary SQL queries to Eggblog.This SQL injection works with Eggblog version 3.0.6 and below.The problem is that id parameter id rss/posts.php did not sanitized properly before using it in SQL query.This caused to remote attacker inject arbitrary SQL queries and execute them.This SQL injection needs magic_quotes_gpc off. There is another problem in Eggblog 2.x.In registration member register status did not sanitized properly.This caused to remote attacker "register new member" as a admin nick and get administration privileges on Eggblog. Level: Critical --- How&Example: GET -> http://[site]/[EggBlog]/rss/posts.php?id=SQL EXAMPLE -> http://[site]/[EggBlog]/rss/posts.php?id=1'/**/UNION/**/SELECT/**/0,conc at(' Username:%20',username), concat('Password:%20',password)/**/from/**/eggblog_members/* POST/EXAMPLE -> http://[site]/[EggBlog]/home/register.php?username=victim&password=passw ord& email=e (at) mail (dot) com [email concealed]&ref= -- Timeline: * 27/05/2006: Vulnerability found. * 27/05/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=36 --- Original advisory can be found at: http://www.nukedx.com/?viewdoc=36  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |