-UNSECURED SYSTEMS-

XSE shopping cart XSS vuln.

2010-09-15T00:53:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 15 September 2010
vendor:http://www.ecommercesoft.net/
affected versions:ver.: 1.5.3.0 / 1.5.2.1
and other prior
versions also can be affected.
###############################################

XSE shopping cart contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "id" parameter in "default.aspx" and "type" parameter in "SearchResults.aspx" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

Open Classifieds version 1.7.0.2 XSS Vuln.

2010-09-12T04:34:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 12 September 2010
vendor:http://open-classifieds.com/
affected versions:Open Classifieds version 1.7.0.2
Open Classifieds version 1.7.0
and other prior
versions also can be affected.
###############################################

Open Classifieds contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "desc","price","title","place" parameter in "index.php" and "subject" parameter in "contact.htm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

new r0t FAQ edition 0.91 alfa

2010-09-11T16:29:00.000-07:00

r0t FAQ edition 0.91 alfa

Hi again,
Im r0t who reports mostly about new SQL/XSS attack vulnerabilities on net.
So there is some things that i want to do clear:

1)You arent correct with you report.

1.Every from my vulnerability report is autmaticaly reported to biggest vuln. research
teams/bugtraq sites (secunia,osvdb,frsirt,security.nnov.ru)So, thats mean or you are more skilled that we all together or you mis.. some stuff. 99% of all my reports are later verified by biggest and best vulnerability researchers on the world.
So i have mistakes also with my reports , cauz sometimes i report vuln. for software which dont have any public demos or trial versions and my test are only tested on "case study" or clients who use that software.
In that way sometimes vuln researchers after me to verify my report have big problems with that, cauz who wanna test in real examples and of course its illegal, so you can only imagine how is to prove something doing test on bank sites and .gov sites.
about that of course i have problems with governments,police and other structures who fight vS "hackers" at all , but its my problem ,not yours.
Do it mean that i had broken laws with my tests and reports?
Yes of course, but as i used only for testing and reporting, i can answer in any justice for that, for my tests and reports.

2)Next time report to vendor!

2.Why i dont report to vendors about vulnerabilities?There was few times when i did report and one of them was Vbulletin my favorite forum developers, when from few reports i didnt get answers in some weeks i automatically forgot about reporting to vendors. Of course not all vendors is like one vendor and one vendor isnt like others.

3) Its isnt professional when you dont report to vendors.

3.Look if you are one of those vendors who are listed on my blog, so thats shows that you had mistake in your work and your product was unsecured and thats means that you arent professional, im not a developer im only pentester.

4)Give me live example.

4. If you arent from Secunia,frsirt,osvdb or vendor i will not provide you with any live examples or HowTo´s.So anyway forget about that and RFM!

5)We had fixed that in new release,delete your report.

5.Look Im very glad that you had fixed that vuln., but your vuln. version of your developed software is already in use and many people will use it for while.
Its my reports and nothing will be deleted only if i will recognize that it was my mistake.

6) You are hacker.

6. I never had that idea that im hacker , hacker for me i guru in that skills and knowledge that i dont have. I do only my "job" i report about unsecure systems, with wish that not a vendor ,but software potentional user will now about unsecured systems and he will get more easy to chose witch one software he will use in his project.
Yes of course i admit and moderate some hacker and security boards now , but there i am with another "ID", cauz sometimes to be a r0t, can very dangerous.

PS.
I hope this FAQ will give answers to most of your questions, if you have any another questions about me or my reports you can mail me: krustevs[at] gmail.com

NetArtMEDIA Real Estate Portal v2.0 XSS vuln. + NetArtMEDIA lfi.

2010-09-09T16:04:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.netartmedia.net/realestate/
affected versions:NetArtMEDIA Real Estate Portal v2.0 and other
versions also can be affected.
###############################################

NetArtMEDIA Real Estate Portal v2.0 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "id" parameter in "AGENTS/index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

for successful exploitation you must be logged in.
##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

+ bonus LOCAL FILE INCLUDE VULN. IN NetArtMEDIA products.

Almost all NetArtMEDIA products have local file inclusion vuln.
in exmaple in Real Estate Portal v2.0 -"folder" and "action" parameter in "AGENTS/index.php"
by other products try also "action" parameter for local file include.
Vendor website is running on product "WebSiteAdmin v2.1"(http://www.websiteadmin.biz/), for local file include use input in "lng" parameter in "ADMIN/login.php"

=====================================================================================

iBoutique.MALL 1.2 XSS vuln.

2010-09-09T15:56:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.netartmedia.net/mall/
affected versions:iBoutique.MALL 1.2and other
versions also can be affected.
###############################################

iBoutique.MALL 1.2 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "tmpl" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

PowerStore™ 3 XSS vuln.

2010-09-09T14:05:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.webassist.com/php-scripts-and-solutions/powerstore/
affected versions:PowerStore™ 3 and other
versions also can be affected.
###############################################

PowerStore™ 3 contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "totalRows_WADAProducts" parameter in "Products_Results.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

NetArtMEDIA Car Portal v2.0 XSS vuln.

2010-09-09T13:48:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.netartmedia.net/carsportal/
affected versions:v2.0 and other
versions also can be affected.
###############################################

NetArtMEDIA Car Portal contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "car_id" parameter in "index.php" and input passed to the "y" parameter in "include/images.php' isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

Fendereejam balticom Trafiku.

2010-09-09T03:42:00.000-07:00

Tiem kas izmanto na savu netu un patik lietot programas ka Utorrent.
Kaut kad nesen pamaniju vienu fishku ar balticom klientiem, kuri var netu lietot tikai ar ierobezhotu pc skatu,toest ja gribi otro kompi pielsegt maksa papildus.
Kadu vakaru nebiju ipasi apmierinats ar mana kaimina Vasjas sniegto atrumu velkot filmas, pameiginaju apskatities kas notiek apkart.
Piesledzoties pie vairakiem bezparoles labdariem, meiginot ieiet mani redirekteja uz uz balticom klientu majas lapu pazinojot par to ka mana mac adrese nav registreta tikla un man nav iedalita IP, vai kaut kas tamlidzigs.
Protams ar talruni lai es varetu pieslegt savu pc ,jeb ka vini saka registret to par papildus maksu.
Nets ir tatad izmantosim to kaut vai filmam neveicot nekadas ipasi sarezhgitas darbibas.
Musu uTorrentam jabut procesa , isak sakot failu velkam pa musu vajo kanalu un vienkarsi nenamam un parsledzamies uz balticom un skatamies - vuallaa!
Terejam ne savu trafiku un iegustam iespejams velamo failu.
Ja metode neiet Jums ar pirmo reizi cauri meiginiet vel.
Ceru ka neaizravos ar nepareizu sarunvalodu un izskaidroju pavisam neachgaarni.

Member Management System v 4.0 XSS vuln.

2010-09-09T00:23:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 09 September 2010
vendor:http://www.expinion.net/Applications/MMS_overview.asp
affected versions:v 4.0 and other
versions also can be affected.
###############################################

Member Management System contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "REF_URL" parameter in "admin/index.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################

Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

Google Store vuln.

2010-08-10T18:18:00.000-07:00

4 years ago i had posted about XSS vuln. in GoogleStore:

GoogleStore XSS@2006 year

Today i had checked again , but others parameters.
And look what i found- an attacker can easy change file(image,etc) location to his malicius file.

Live P0c:
http://www.googlestore.com/view_large.aspx?img=http://img834.imageshack.us/img834/3778/r0t.png&edp_no=16918

PS. probaly nothing special* as a vuln.,but its interesting why coders/developers of GoogleStore do so simple mistakes.

DirectAdmin <= v1.35.1 XSS vuln.

2010-03-14T20:30:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 15 March 2010
vendor:http://www.directadmin.com/
affected versions:v1.35.1 and other
versions also can be affected.
###############################################

DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "name" parameter in "CMD_DB_VIEW" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################
live PoC:
http://www.directadmin.com:2222/CMD_DB_VIEW?DOMAIN=demo.com&name=%22%3E%3Cscript%3Ealert%28111%29;%3C/script%3E
PS.
need to login:
demo_user:demo
###############################################
Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

Garam ejot, jeb back...

2010-03-14T19:10:00.000-07:00

Sen nebiju bijis , bet shobrid atradu mazu mirkli , lai uzrakstitu kadu domu un droshi vien ka iet.

Pedeja laika skatos, ka vards Neo ir kluvis loti populars LV prese.
Ko tur teikt, smiekligi ar tadu infu nekad es nekepatu pat lieku flashku ,kur nu vel vairak. Kaut kadi VID dati, lai kadam atgadinat cik un kuram ir alga uz papira? To taksh Valsts Kontrole un KNAB utt. var apskatit jebkura bridi.
Laikam cilveks kursh izvelejas vardu Neo , izvelejas to jo masam tas ir daudz pienemaks neka hax0rzzz:)Bet ta reali tadus nikus sev izvelas CS mili,jeb delitanti.
Shodien iegaju Delfos a tur raksts ,ka Chili Pica's klientu dati nopludusi tikla, tipa tiem kuriem tur klientu kartes bija, aarpraac.. he he... smiekligi ko tad ar Picu edaju infu var iesakt, vienigais laikam konkurenti var nofludot tos ar spamu lai dabutu sev kadu klientu vairak un tas ari viss, bet breka liela un atkal tiek pieminets Neo protams komentos..:))
Cilveku stulbumam laikam nav robezhu..
Ja kads no tiem stulbeniem tagad lasa manis rakstito , tad jebkuras kompanijas vai uznemuma LV datubazi dabut ir tik viegli ,ka aptuveni Azeru prova datubazi dabut, tik kam tas ir vajadzigs.. zhurnalistiem vai?Vai tiem kas pavada visu laiku kadas dzeltenes preses zinas ar iespeju komentet izmetot visu savu zhulti uz visiem launajiem deptutatiem,utt.
Labi tas par to bulshitu kas notiek presse.

Ir doma atsakt blogot un ne tikai... vajadzigi ir kadi paris koderi ar taisniem pirkstiem, kuriem butu prieks veltit laiku ka pen-testeriem,toest nodarboties ar ievainojamibu meklesanu,esmu gatavs ari finansiali atbalstit, ja protams jus attaisnosiet uz jums liktas ceribas.Nopelnisiet sev atpazistamibu pasaule vismaz shaja shauraja sfera, ka ari maizei ar desu nopelnisiet.

Ka ari welcome visiem tiem kuriem intrese un patik web aplikaciju ievainojamibas .

Pasts mans ir vecais krustevs gmail.com

phpMyAdmin XSS vuln.

2009-06-30T06:25:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 30 june 2009
vendorlink:http://www.phpmyadmin.net/
affected versions:
phpMyAdmin 3.2.0.1
phpMyAdmin 3.2.1-dev
phpMyAdmin 3.3.0-dev
phpMyAdmin 2.11.10-dev
phpMyAdmin 3.2.0-rc1
and another versions also can be affected
###############################################

Vuln. Description:

phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "db" paremeter in "index.php" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

live PoC:
http://demo.phpmyadmin.net/MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=f70d8ec4305c5a877f56c14554aced10

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Ps.
By changing XSS test requests for popular products like phpMyAdmin vulns like XSS will never ends.To prove my words,just use XSS PoC request from live example by another parameters.

XSS ieksh SS.LV

2009-06-29T06:24:00.000-07:00

Ka jau lielakai dalai Mekleshanas dzinejiem ir populara kibele ar XSS, tad ss.lv ar neko ipashi neatshkkiras.
Mekleshana:
r0t://www.ss.lv/lv/transport/cars/search/

parametrs "Cena": ar savam divam ailem "Min" un "Max" ir vieta kur ir ticis nohalturets.

Hackers Library

2009-06-29T04:45:00.000-07:00

* Ebook - Computer) Hacking The Windows Registry.pdf
* (eBook - PDF) Hugo Cornwall - The Hacker's Handbook .pdf
* (eBook pdf) Hacking into computer systems - a beginners guide.pdf
* (ebook_-_pdf)_Hacking_IIS_Servers.pdf
* A Beginners Guide To Hacking Computer Systems.pdf
* amazon-hacks.chm
* Attacking the DNS Protocol.pdf
* Auerbach.Practical.Hacking.Techniques.and.Counterm easures.Nov.2006.pdf
* bsd-hacks.pdf
* Certified Ethical Hacker (CEH) v3.0 Official Course.pdf
* Computer - Hackers Secrets - e-book.pdf
* cracking-sql-passwords.pdf
* Crc Press - The Hacker'S Handbook.pdf
* Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.[223.kB_www.netz.ru].pdf
* DangerousGoogle-SearchingForSecrets.pdf
* database hacker handbook.chm
* Dummies - Hack How To Create Keygens (1).pdf
* ebay-hacks-100-industrial-strength-tips-and-tools.pdf
* eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm
* ethical hacking, student guide.pdf
* excel-hacks.chm
* google-hacks.pdf
* Guide-to-Hacking-with-sub7 (1).doc
* Hack IT Security Through Penetration Testing.pdf
* Hack Proofing - Your Network - Internet Tradecraft.pdf
* Hack Proofing Linux A Guide to Open Source Security - Stangler, Lane - Syngress - ISBN 1-928994-34-2.pdf
* Hack Proofing Sun Solaris 8.pdf
* Hack Proofing Your E-Commerce Site.pdf
* Hack Proofing Your Identity In The Information Age.pdf
* Hack Proofing Your Network Second Edition.pdf
* Hack Proofing Your Network_First Edition.pdf
* Hack Proofing Your Web Applications.pdf
* Hacker Disassembling Uncovered.chm
* hacker ethic.pdf
* Hacker Linux Uncovered.chm
* Hacker Web Exploitation Uncovered.chm
* Hacker'S.Delight.chm
* Hackers Beware.pdf
* Hackers Secrets Revealed.pdf
* Hackers Secrets.pdf
* Hackers, Heroes Of The Computer Revolution.pdf
* Hackers_Secrets.pdf
* Hacker_s_Guide.pdf
* Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf
* Hacking - The Art of Exploitation.chm
* Hacking Cisco Routers.pdf
* Hacking Exposed - Network Security Secrets & Solutions, 2nd Edition.pdf
* Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf
* Hacking For Dummies 1.pdf
* Hacking For Dummies 2.pdf
* Hacking For Dummies.pdf
* Hacking GMail.pdf
* Hacking IIS Servers.pdf
* Hacking into computer systems - a beginners guide.pdf
* hacking the windows registry .pdf
* Hacking Windows XP.pdf
* Hacking-ebook - CIA-Book-of-Dirty-Tricks1.pdf
* Hacking-Hacker's Guide.pdf
* Hacking-Hackers Secrets Revealed.pdf
* Hacking-Hugo Cornwall-The Hacker's Handbook .pdf
* Hacking-The Hacker Crackdown.pdf
* Hacking.For.Dummies.Access.To.Other.People's.Syste m.Made.Simple.pdf
* Hacking.Guide.V3.1.pdf
* Hacking.nfo
* Hacking.sfv
* Hackproofing Oracle Application Server.pdf
* Hack_Attacks_Revealed_A_Complete_Reference_With_Cu stom_Security_Hacking_Toolkit.
* chm
* Hack_IT_Security_Through_Penetration_Testing.chm
* haking.txt
* Halting.The.Hacker.A.Practical.Guide.To.Computer.S ecurity.chm
* How to Crack CD Protections.pdf
* John Wiley & Sons - Hacking For Dummies.pdf
* John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eB ook-DDU.pdf
* linux-server-hacks.pdf
* little_black_book_oc_computer_viruses.pdf
* mac-os-hacks.chm
* McGraw-Hill - Hacking Exposed, 3rd Ed - Hacking Exposed Win2.pdf
* McGraw.Hacking.Exposed.Cisco.Networks.chm
* McGraw.Hill.HackNotes.Network.Security.Portable.Re ference.eB.pdf
* McGraw.Hill.HackNotes.Web.Security.Portable.Refere nce.eBook-.pdf
* McGraw.Hill.HackNotes.Windows.Security.Portable.Re ference.eB.pdf
* Mind Hacks - Tips & Tricks for Using Your Brain.chm
* network-security-hacks.chm
* No.Starch.Press.Hacking.The.Art.Of.Exploitation.ch m
* O'Reilly - Online Investing Hacks.chm
* O'Reilly.-.Network.Security.Hacks.chm
* O'Reilly.Windows.Server.Hack.chm
* O'Reilly.Windows.Server.Hack.rar
* online-investing-hacks.chm
* OReilly Google Hacks, 1st Edition2003.pdf
* OReilly - Google Hacks.pdf
* Oreilly, Paypal Hacks (2004) Ddu.chm
* OReilly,.IRC.Hacks.(2004).DDU.chm
* OReilly.SQL.Hacks.Nov.2006.chm
* OSB.Ethical.Hacking.and.Countermeasures.EC.Council .Exam.312.50.Student.Coursewar
* e.eBook-LiB.chm
* O_Reilly_-_Windows_XP_Hacks.chm
* PC Games - How to Crack CD Protection.pdf
* Security and Hacking - Anti-Hacker Tool Kit Second Edition.chm
* SoTayHacker1.0.chm
* spidering-hacks.chm
* SQL Hacks.chm
* SQLInjectionWhitePaper.pdf
* Syngress - Hacking a Terror Network. The Silent Threat of Covert Channels.pdf
* Syngress -- Hack Proofing Your Wireless Network.pdf
* Syngress Hack Proofing Your Identity in the Information Age.pdf
* Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf
* Syngress.Hack.the.Stack.Oct.2006.pdf
* The Little Black Book Of Computer Virus.pdf
* The_20Little_20Black_20Book_20of_20Computer_20Viru ses.pdf
* tivo-hacks.100-industrial-strength-tips-and-tools.pdf
* u23_Wiley - Hacking GPS - 2005 - (By Laxxuss).pdf
* Wiley.The.Database.Hackers.Handbook.Defending.Data base.Servers.chm
* Win XP Hacks oreilly 2003.chm
* Windows Server Hacks.chm
* WinXP SP1 Hack.pdf
* Xbox-hack - AIM-2002-008.pdf
* Yahoo.Hacks.Oct.2005.chm

Download from Rapidshare:

r0t://rapidshare.com/files/82425846/Hacking.part01.rar
r0t://rapidshare.com/files/82442869/Hacking.part02.rar
r0t://rapidshare.com/files/82427993/Hacking.part02.rar
r0t://rapidshare.com/files/82445546/Hacking.part03.rar
r0t://rapidshare.com/files/82430177/Hacking.part03.rar
r0t://rapidshare.com/files/82432614/Hacking.part04.rar
r0t://rapidshare.com/files/82448319/Hacking.part04.rar
r0t://rapidshare.com/files/82451101/Hacking.part05.rar
r0t://rapidshare.com/files/82454225/Hacking.part06.rar
r0t://rapidshare.com/files/82457503/Hacking.part07.rar
r0t://rapidshare.com/files/82460913/Hacking.part08.rar
r0t://rapidshare.com/files/82464586/Hacking.part09.rar
r0t://rapidshare.com/files/82468340/Hacking.part10.rar
r0t://rapidshare.com/files/82471881/Hacking.part11.rar
r0t://rapidshare.com/files/82473464/Hacking.part12.rar

if download dont works 4 u , change/replace "r0t" to "http".

RTFM ;]

Iznakusi BackTrack 4 Pre Release

2009-06-25T14:34:00.000-07:00

Ligi, ligo, veljorpojam laikam manas asinis ir vairak alus neka asinis.
Bet nepar iet runa , runa ies par Backtrack 4 kuram nupat iznakusi ir "Pre Release".

Ta ka kursh nevar nociesties un sagaidit Final relizi, tad velkam sheit.Ja salidzinasim ar Backtrack 4 beta, tad svars ir manami pieaudzis no 854mb uz 1390mb, te jau lielu lomu tas vairs nespele, ja Backtrack tresho vareja dabut virsu uz CD matricas, tad te veel uz DVD paliks daudz brivas vietas:)
Tapatas* var paluureet Introduction Video vai palasit .PDF par to kas jauns lacitim vedera.

SS.lv Zirgu stallis

2009-06-20T06:05:00.000-07:00

Iegaju ka tiko ss.lv apskatities sludinajumus un mans AntiVir sak brekt par malware ieksh javascript , kad veras pats sludinajuma logs valja .Vai nu kads zikkeris paspejis ielikt , bez zinjas vai ss.lv piepelnaas:) Kriize , kriize..

PS. protams ka ar FF kluse , jo tendets tieshi prieksh IE.

Te ir viens no failiem:
h**p://i.ss.lv/w_inc/decoder.js

SATURS

iemetot ieksh virustotal.com shadi rezultati iznaca mums.
no 41 av 2 nobrecas:
AntiVir 7.9.0.19 HEUR/HTML.Malware
McAfee-GW-Edition 6.7.6 Heuristic.HTML.Malware

Anti XSS ieksh inbox.lv

2009-06-20T02:53:00.000-07:00

Inbox.lv pats nelietoju, tapeec vareetu teikt ,ka pat nezinaju , kaads tas zveers izskataas. Nejaushi uzduros Googlej0t uz viena bloga, kur itka publicejas:
"Jul 2001–Feb 2007: Chief Developer at Inbox.lv, largest Latvian Internet portal, proud to say it moved from #4 to #1 in terms of weekly unique visitors since I joined the company." jeb vienkarshi Viktors Rotanovs.
Labi , protams rodas iespaids Chief Developer iespejams ka mega labs , par vinja pro neshaubos nemirkli un rekur vel pamaciba bloga par Anti-XSS , tad jau itka visam inbox.lv vajadzetu buut kaartiibaa , ieshu ka es paluukoshos.
Es biju mazliet parsteigts, ka lielako ties tam mega portalam nekas pashu rokam nav rakstits*, pa bazi njemti gatavi mazliet modificeti, ka piem pats pasts tiraka Horde,tie amigos ir viens no MySpace kloniem kuri metajas tiimeklii.
Tad par XSS, uzmetu aci ipashi nechenshoties pat testa pieprasijumu nemainot atradu paariiti.Isak sakot es domaju ka tas viss ir paradijies peec 2007-ta jo Viktors to nebutu pielavis..:)

Amigos, jeb MySpace klons

MySpace Klons
http://amigos.inbox.lv/index.php?mode=report_spam&cat=1&id=155522&from=%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://amigos.inbox.lv/index.php?mode=report_spam&cat=1&id=155522%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://amigos.inbox.lv/index.php?mode=report_spam&cat=1%22%3E%3Cscript%3Ealert(111);%3C/script%3E

ps. index vieta admin un esam , pie sprices:)

http://work.inbox.lv/darbs/o-%22%3E%3Cscript%3Ealert(111);%3C/script%3E.html
http://smart.inbox.lv/?logout=1%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://smart.inbox.lv/cr_game/index.php?game_id=15420&rnd=%22%3E%3Cscript%3Ealert(111);%3C/script%3E
http://smart.inbox.lv/cr_game/index.php?game_id=%22%3E%3Cscript%3Ealert(111);%3C/script%3E

Ja ticet readme.html failam kas metajas tur, tad WP versija ir 1.5:)
http://company.inbox.lv/news/readme.html

PS.Jau ieprieks atvainojos par sagadatam neertibam, ne pret Viktoru ne pret inbox.lv kolektivu nav man nekadas pretenzijas, es tikai garam ejot ,lai paskatitos ,ka jums iet.

DirectAdmin <= v1.33.6 XSS vuln.

2009-06-19T13:59:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 19 June 2009
vendor:http://www.directadmin.com/
affected versions:v1.33.6 and other
versions also can be affected.
###############################################

DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "view" parameter in "CMD_REDIRECT" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
##############################################
live PoC:
http://www.directadmin.com:2222/CMD_REDIRECT?view=
advanced&sort1%22%3E%3Cscript%3Ealert(111);%3C/script%3E=1&domain=demo.com
PS.
need to login:
demo_user:demo
###############################################
Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

Trojani zem Latvijas karoga

2009-06-19T08:18:00.000-07:00

Trojas zirgi un to Botneti*.
Runa ir par to,ka labu laiku atpakal ticis konstatets,bet joprojam nekas nav darits.
Es pat abrinoju tos cilvekus ,kuri apzinoties to ka vinju botneta serveris ,kur nak visi logi* un stav administracijas panelis,to visu pasakumu neparliek uz cita servera.
Pie tadas nodarbes serveri ir jamaina vismaz reizi pa 2-3 menesiem.
Ir viens tads monitoringa saits ka ZeuS Tracker ,kursh veero ZeuS troja izplatibu timekli.
Tad luk viens no top* Trojana ZeuS hosteriem ir musu pashu JUNIK un rekur ari trakeri vesels saraksts ar ZeuS adminkam*.
Ka jau ieprieks mineju , ka parak ilgi stav vini tur.
Tapat luk bus vel viena vieta , kur redzama aktivitates grafika
Pienemsim ka provaideram/hosterim ir pie vienas vietas vai ari piekopj taadu politiku,par tiesibsargajoshajam iestadem nemineshu,bet ir jau ari citi aspekti piemeram Zeus adminka* kada ta naca no developera* ir loti sliktas kvalitates,taapat ka ari Limbo 2 .
Ta ka ir tadi monitoringa pasakumi, nav jau gruti pat treshajai personai ielist laaciitim veedera un panjemt ko vajag.

Sikak par ZeuS funkcionalitati varat palasit autora uzceptaja manuali.

Pazudushie Cilveki

2009-06-18T06:54:00.000-07:00

www pasaule sastaptie cilveki vareetu kadam likties , ka vinji tepat ir ka konfektes aiz vitrinas veikala, ka Tu vinjus redzi un tepat vien ir...Tomer viss ir savadaak.Nupat pasham uznaca kaut kada nostalgija par veciem laikiem* pienemsim to pasu vien netsec.lv , ne es butu manijis DigX ne Mandarin'u, te tev bija te tev izbija.Tapat bija taads pasakums ka X-access (x-access.biz , x-exploitz.com)kas itka bija topa augshgala sava nishaa , bet pec tam kadam kaut kas apnika un viss pajuka,bet cilveku bija daudz ar kuriem vareja dalities zinashanas un tapat vien paterzet.Ir jau brizhi kad mes jutamies ka esam izaugushi pietiekoshi un ka ir jakustas uz priekshu un pashreizeeja vieta nevar iedot to izaugsmes iespeju.
Izaugsme, tas vien ir atsevishkka posta* veerts vaards.
Turpinam ar to ko iesaku,luk shis pats blogs ne es butu manijis :VietMafia,der4444,cembo pedejo gadu laika:( Diemzhel pats daudz kur esmu pie taa vainigs, es pats ik pa bridim pazudu vai nu uz pusgadu ,vai uz gadu un ko tad var gaidit no parejiem.
Teiksat ,ja gribetu butu jau sen atradis..varbut ari, vienkarshi lai apjautatos: ka iet? Neiesi googleet cauram dienam.Pieturos pie shi bloga ari ar ceribu , ka caur shejieni mani vares vel dabut roka.Ta ka, ja kads no manis minetajiem cilvekiem lasa sho droshi dodat par sevi zinat.

PS>
Nezinu nemaz vairs ko shaja bloga publicet, laikam vajag vai nu vecos biedrus atpakalj dabuut vai nu jaunas asinis*.

Uz bridi ,kad ir laiks...

2009-06-02T11:45:00.000-07:00

Roka vienkarsi necelas, lai nemtu un veiktu - copy/paste*,lai uzturetu blogu aktivu.Necelas roka ari lai kadu nodi...u.Tapat ar ievainojamibam ir, ka ir pamaz stimula ,lai ari vinam nodarbotos.
Tapec nolemu pajautat Jums -varbut jums ir kada ideja vai ieteikums par kadu rakstu/iem.
Tad drosi varat rakstit uz krustevs(a)gmail com.

Wifi Hacks AIO 2009

2009-05-22T03:03:00.000-07:00

Some software&e-books for wardrivers....
enjoy.

Wifi Hacks AIO 2009
27 in 1 WiFi Hacks Tools & E-Books

Hacks page 1:
* Comm View for WiFi v5.2484
* Pure NetWorks NetWork Magic 2
* Air Cr@ck
* AP Sniff
* Comm View
* Aerosol
* Easy WiFi Radar
* Boingo Wireless

Hacks page 2:
* Get Wep Key Of Encrypted Wireless Connection
* WiFi Companion v2.10.4
* Net Stumbler
* WiFi H@ck Tools
* WiFi Internet Access Blocker
* iPig WiFi HotSpot VPN Security

Hacks page 3:
* Hot Spotter v0.4
* Kismet
* WDG
* AirShort v0.2.7e
* WiFi Hopper v1.2
* Wireless NetWork Ignition
* Wepwedgie - alpha
* Wep Cr@ck

E-Books:
* O-Reilly Wireless H@cks
* System Cr@cking 2k
* FB! Teaches how to break WiFi
* Collection of H@cking Dictionary

* How to Cr@ck WEP

Download link

activeCollab XSS and Full Path Disclosure

2009-05-17T13:59:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 17 May 2009
Vendor:http://www.activecollab.com/
affected versions:2.1, corporate
other versions also can be affected.
###############################################

1.Cross-Site Scripting (XSS) Vulnerability
activeCollab contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "re_route" parameter in "/login?" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2. Full Path Disclosure
The problem is that it is possible to disclose the full installation path by "testing" XSS vulnerability(look at part 1.)

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

numurs>Divi

2009-04-26T09:05:00.000-07:00

Biju nozudis atkal uz diezgan ilgu laiku.Shogad pie neta esmu pirmo reizi, kaut vai aaraa jau gandriiz vai maijs.
Vasara klaat un vairs nav tas laiks lai vareetu to veltiit PC.
Esmu mazliet par X-Force publikaaciju ,jo sevi pat tuvu neliktu numuram 2.
Bija laika posms ,kad man patika urkkeeties gar taam ievainojamiibaam un publiskot.
Kaut vai shobriid es ari straadaju, bet ne pie konkreetiem produktiem un ne prieksh publicitaates,kaut vai pieljauju domu par kaadu rakstu , tikai laiks ir tam jaaizbriivee.
Par blogoshanu turpmaako, vizmaz tuvaakajaa laika es neredzu briivaa laika tam,bet ceru ka kaadu dienu atgrieziishos pie iesaaktaa.

PS.
Starpcitu, esmu tas pats vien *krustevs* ,kursh gozejas pa NetSec forumu.

DataSpade XSS vuln.

2008-09-22T15:50:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 23 September 2008
Vendor:http://www.dataspade.com/
affected versions:DataSpade V1.0
other versions also can be affected.
###############################################

DataSpade contains a flaws that allows a remote Cross-Site Scripting attacks.Input passed to the "ViewName" and "TableName" and "OrderBy" and "FilterField" parameter in "Index.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

last monthes view

2007-10-08T08:32:00.000-07:00

My 09.07 plan was get our board back , but even know i don't have enough time to do that.
Its seems that i must ask cembo to do that.
I checked today our old blog address which blogger had changed , and there is already new asian blog, they didn't change even slogan its still UNSECURED SYSTEMS:) Thats look like nice SEO trick:)
Good thing is that securityfocus and CVE already changed links from pridels.blogspot.com to pridels0.blogspot.com.
Last advisories what i publish was only XSS and i will publish them for long, other advisories goes for private public.
Team work seems is gone, i see only cembo now , so we have 50% less brain and 50% less hands.
With that resources we cant be good enough , but we will contributing also in future ...

Wikepage XSS vuln.

2007-10-07T17:59:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 7 October 2007
Vendor:http://www.wikepage.org/
affected versions:Wikepage Opus 13 2007.2
other versions also can be affected.
###############################################

Wikepage contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "PageContent" and "PageName" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

note:
Wikepage is derived from Tipiwiki2, so almost same structure, that vuln. you can find also
in current Tipiwiki2.
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Minki XSS vuln.

2007-10-07T17:58:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 7 October 2007
Vendor:http://minki.theprawn.com/
affected versions:Minki 1.30
other versions also can be affected.
###############################################

Minki contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "page" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Directory Image Gallery XSS vuln.

2007-10-07T17:57:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 7 October 2007
Vendor:http://splitside.net/store/index.php?main_page=product_info&products_id=1
affected versions:Directory Image Gallery 1.1
other versions also can be affected.
###############################################

Directory Image Gallery contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "backwardDirectory" parameter in "photos.cfm" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

DB Manager XSS vuln.

2007-10-07T17:56:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 7 October 2007
Vendor:http://www.moderndayworld.com/Scripts/Products/?id=S-DM2.0
affected versions:DB Manager 2.0
other versions also can be affected.
###############################################

DB Manager contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "id" parameter in "Edit.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

dbList XSS vuln.

2007-10-07T17:54:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 7 October 2007
Vendor:http://www.livio.net/main/scripts.asp?file_id=24
affected versions:dbList v8.1
other versions also can be affected.
###############################################

dbList contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "table","db","strKeyWords","pagesize","sort" parameter isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Helm XSS vuln.

2007-10-04T16:01:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 4 October 2007
Vendor:http://www.webhostautomation.com/
affected versions:3.2.16
other versions also can be affected.
###############################################

Helm contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "showOption" parameter in "domain.asp",
input passed to the "Folder" and "StartPath" parameter in "FileManager.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

OdysseySuite™ Internet Banking vuln.

2007-10-01T08:27:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 1 October 2007
Vendor:http://www.megasol.se/odysseysuite.asp
affected versions:current*
###############################################

OdysseySuite™ contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "idkey" parameter in "Mailbox.mws" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

==============================================
*Im not sure about vuln. version number.
"OdysseySuite - Small Business Edition" current downloadable version is 4.0.729.

for POC u can use demo:
http://banking.megasol.se/Login.mws

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Freeside XSS vuln.

2007-09-25T04:09:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 25 September 2007
vendor:www.sisd.com
affected versions:Freeside v1.7.2
other versions also can be affected.
###############################################

Freeside contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "failed" parameter in "search/cust_bill_event.cgi" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

DirectAdmin <= v1.30.2 XSS vuln.

2007-09-09T17:03:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 10 September 2007
vendor:http://www.directadmin.com/
affected versions:v1.30.2 and previous
###############################################

DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "user" parameter in "CMD_BANDWIDTH_BREAKDOWN" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Filter malicious characters and character sequences in a web proxy.
###############################################

Urchin 5.x Multiple XSS vuln.

2007-09-01T13:27:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 1 September 2007
vendor:www.roirevolution.com/urchin/
affected versions:tested on Urchin v5.6.00r2
other versions also can be affected.
###############################################

Urchin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "dtc","vid","n","dt","ed","bd" parameter
in "urchin.cgi" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Storesprite XSS vuln.

2007-08-09T17:28:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 10 August 2007
vendor:http://www.storesprite.com/
affected versions:Storesprite 7 and previous
###############################################

Storesprite contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "next" parameter in "secure/addaddress.php","secure/editshipdetails.php","secure/register.php",
"secure/login.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

phpMyAdmin multiple XSS vuln.

2007-08-09T16:09:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 10 August 2007
vendor:http://www.phpmyadmin.net/
affected versions:2.10.3 (latest stable version)
prior versions also can be affected.
###############################################

phpMyAdmin contains multiple flaws that allows a remote Cross-Site Scripting attacks.Input passed to the "unlim_num_rows","sql_query","pos" parameter in "tbl_export.php"
and "session_max_rows","pos" parameter in "sql.php" and "username" parameter in "server_privileges.php" and "sql_query" parameter in "main.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

VisionProject Multiple XSS vuln.

2007-08-06T14:29:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 7 August 2007
vendor:www.visionproject.se
affected versions:VisionProject 3.1 and previous
###############################################

VisionProject contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "projectIssueId" parameter in "EditProjectIssue.do"
and "projectId" parameter in "ProjectSelected.do" and "folderId" parameter in "ProjectDocuments.do" and "sortField" parameter in "ProjectIssues.do" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Snif XSS vuln.

2007-08-06T08:51:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 6 August 2007
vendor:http://www.bitfolge.de/snif-en.html
affected versions: Snif 1.5.2 and previous
###############################################

Snif contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "path" and "download" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Blogger AntiSpam

2007-08-06T08:09:00.000-07:00

Hi Guys,
We have already some monthes new blog and new domain, old one was pridels.blogspot.com wich was pretty nice archive , but aprox 1 month ago i get mail from Blogger about Anti Spam action and they had temporary disabled our old blog , after i reported to review our old blog some another "expert" , in 2 days i get answer with apologise, and that our blog is back.If you have visited in last month you had seen nothing there just one garbage post..and i saw also only that only after login i recognized that they changed domain name to pridels0.blogspot.com,and its pitty , cauz i dont like that 0 and we lose our adress...
I didnt wanted to write this with my bad english, but i was waiting more than 2 weeks to get any answer about that problem.
I just wanted to tell that you can find our old blog @ http:///pridels0.blogspot.com/

PS. Our board and maybe website from us will be back in september @ pridels-team.com

OpenWebMail Multiple XSS vuln.

2007-08-02T04:26:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 2 August 2007
vendor:openwebmail.org
affected versions:2.52 20060831 and previous
###############################################

OpenWebMail contains multiple flaws that allows a remote Cross-Site Scripting attacks.

1. file "openwebmail-main.pl"

Input passed to the "searchtype" and "longpage" and "page" parameter isn't properly sanitised before being returned to the user.

2. file "openwebmail-prefs.pl"

Input passed to the:
"prefs_caller",
"userfirsttime",
"page",
"sort",
"folder",
"message_id"
parameter isn't properly sanitised before being returned to the user.

3. file "openwebmail-send.pl"

Input passed to the:
"compose_caller",
"msgdatetype",
"keyword",
"searchtype",
"folder",
"page",
"sort"
parameter isn't properly sanitised before being returned to the user.

4. file "openwebmail-folder.pl"

Input passed to the:
"folder",
"page",
"sort"
parameter isn't properly sanitised before being returned to the user.

5. file "openwebmail-webdisk.pl"

Input passed to the:
"searchtype",
"page",
"filesort",
"singlepage",
"showhidden",
"showthumbnail",
"message_id"
parameter isn't properly sanitised before being returned to the user.

6. file "openwebmail-advsearch.pl"

Input passed to the "folder" parameter isn't properly sanitised before being returned to the user.

7. file "openwebmail-abook.pl"

Input passed to the:

"abookcollapse",
"abooksearchtype",
"abooksort",
"abooklongpage",
"abookpage",
"message_id",
"searchtype",
"msgdatetype",
"sort",
"page",
"rootxowmuid",
"listviewmode"
parameter isn't properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Note:
For manual testing use:
%22%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

OpenRat vuln.

2007-08-01T11:03:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 1 August 2007
vendor:www.openrat.de
affected versions:OpenRat CMS 0.8-beta1 and previous
###############################################

OpenRat contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "subaction" and "action" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

bonus:

by testing "action" parameter attacker will get full path disclosure.

If you can log in, you can check also "id" parameter for SQL injection.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

WebDirector XSS vuln.

2007-08-01T10:08:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 1 August 2007
vendor:www.webdirector.ru
affected versions:2.2 and previous
###############################################

WebDirector contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "deslocal" parameter in "webdirector/index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Secure XSS vuln.

2007-07-25T04:04:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 25 July 2007
vendor:http://www.formfields.com/secureArea/secureProduct.php
affected versions:v1.0.20070629 and previous
###############################################

Secure contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "user" and "pwd" parameter in "login.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

AdMan XSS vuln.

2007-07-25T04:03:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 25 July 2007
vendor:http://www.formfields.com/adManArea/adManProduct.php
affected versions:AdMan v1.0.20051202 - FF 3 Patch and previous
###############################################

AdMan contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "user" and "pwd" parameter in "login.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

DirectAdmin XSS vuln.

2007-06-28T06:23:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 28 June 2007
vendor:http://www.directadmin.com
affected versions:v1.30.1 and previous
###############################################

DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "domain" parameter in "CMD_USER_STATS" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

rwAuction Pro XSS vuln.

2007-06-27T02:27:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 27 June 2007
vendor:http://www.rainworx.com/
affected versions:rwAuction Pro v5.0
other versions also can be affected.
###############################################

rwAuction Pro contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "search","show","searchtype","catid","searchtxt" parameter in "search.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Note: Input in "searchtxt" parameter was vuln. already in rwAuction Pro 4.x and still unpatched in 5.0 version.
ref:http://secunia.com/advisories/17905/
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

QuickTalk guestbook sql inj.

2007-06-27T01:48:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 27 June 2007
vendor:http://www.qt-cute.org/
affected versions: tested on QuickTalk guestbook 1.2
other versions also can be affected.
###############################################

QuickTalk guestbook contains a flaw that allows a remote sql injection attacks. Input passed to the "id" parameter in "qtg_msg_view.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

QuickTicket multiple sql inj.

2007-06-27T01:30:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 27 June 2007
vendor:http://www.qt-cute.org/
affected versions: tested on QuickTicket 1.2 build:20070621
other versions also can be affected.
###############################################

QuickTicket contains a flaw that allows a remote sql injection attacks.Input passed to the "dir","order" parameter in "qti_ind_member.php" isn't properly sanitised before being used in a SQL query..
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

I'm back

2007-06-23T08:43:00.000-07:00

What is up my friends? Sorry for disappearing without any info, had a lot of stuff going on. Anyways I have returned and am ready for some action! I've lost my icq contacts, my number is the same: 205910312.

ClickGallery Server vuln.

2007-06-22T08:07:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 2 May 2007
vendor:http://www.clicktech.com/
affected versions: 5.1 and previous
###############################################

1.
ClickGallery Server contains a flaw that allows a remote sql injection attacks.Input passed to the "image_id" parameter in "edit_image.asp" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
ClickGallery Server contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "from" parameter in "edit_image.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

access2asp XSS vuln.

2007-06-22T07:20:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 22 June 2007
vendor:http://www.access2asp.com/
affected versions: access2asp v4.5 and prior
###############################################

access2asp contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "od","search" to certain pages generated with access2asp isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

bosDataGrid XSS vuln.

2007-06-22T07:19:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 22 June 2007
vendor:http://www.bitego.com/
affected versions: 2.50 and prior
###############################################

bosDataGrid contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "GridSearch","gsearch" and "ParentID" parameter isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

phpRaider sql vuln.

2007-06-22T02:55:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 22 June 2007
vendor:http://phpraider.com/
affected versions: phpRaider v1.0.0.rc8
other versions also can be affected.
###############################################

phpRaider contains a flaw that allows a remote sql injection attacks.Input passed to the "id" and "type" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

PHPAccounts vuln.

2007-06-21T07:00:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 21 June 2007
vendor:http://phpaccounts.com/
affected versions: PHPAccounts 0.5
other versions also can be affected.
###############################################

1.Local file inclussion
PHPAccounts contains a flaw that allows a Local file inclusion attacks.Input passed to the "page" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.

2. SQL Injection
PHPAccounts contains a flaw that allows a remote sql injection attacks.Input passed to the "Outgoing_Type_ID","Outgoing_ID","Project_ID","Client_ID","Invoice_ID","Vendor_ID" parameter in "index.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

netjukebox vuln.

2007-06-21T05:58:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 21 June 2007
vendor:http://www.netjukebox.nl/
affected versions: tested on "netjukebox 4.01b"
other versions also can be affected.
###############################################

netjukebox contains a flaws that allows a remote Cross-Site Scripting attacks.Input passed to the "album_id","order","sort","filter","genre_id" parameter in "index.php" isn't properly sanitised before being returned to the user.
And Input passed to the "url" parameter in "ridirect.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Also attacker by testing XSS vuln. parameters will get full install path.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Interact Multiple XSS vuln.

2007-06-21T04:31:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 21 June 2007
vendor:www.interactole.org
affected versions: tested on "Interact 2.4 beta 1"
other versions also can be affected.
###############################################

Interact contains a multiple flaws that allows a remote Cross-Site Scripting attacks.Input passed to the "module_key" parameter in almost
all files wich use this parameter isn't properly sanitised before being returned to the user.
in example:
modules/kb/kb.php,
modules/quiz/runquiz.php
modules/quiz/quiz.php
modules/forum/forum.php
modules/forum/byname.php
modules/journal/journalview.php
And Input passed to the "tag_key" parameter in "modules/journal/journalview.php" isn't properly sanitised before being returned to the user.
And Input passed to the "user_group_key" parameter in "users/secureaccounts.php" isn't properly sanitised before being returned to the user.
And Input passed to the "request_uri" parameter in "login.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Sporum Forum XSS vuln.

2007-06-12T01:41:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 12 June 2007
vendor:http://sporum.js-x.com/
affected versions: 3.0.9 and prior
###############################################

Sporum Forum contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "view" and "mode" parameter in "comments.cgi" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

PHP Live! Support XSS vuln.

2007-06-12T00:21:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 12 June 2007
vendor:http://www.phplivesupport.com/
affected versions: 3.2.2 and prior
###############################################

PHP Live! contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "pagex" parameter in "request.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

W2B Online Banking vuln.

2007-05-29T15:12:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 29 may 2007
vendorlink:www.w2b.ru/OnlineBanking/index.php
affected versions:last/actual
###############################################

1.
W2B Online Banking contains a flaw that allows a remote sql injection attacks.Input passed to the "draft" parameter in "mailer.w2b" and "listDocPay" parameter in "DocPay.w2b" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
W2B Online Banking contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "adtype" parameter in "auth.w2b" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
how i missed that stuff? anyway it's just a bug sampler.
###############################################

GNATS XSS vuln

2007-05-19T05:58:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 19 May 2007
vendor:http://www.gnu.org/software/gnats/
affected versions: Gnatsweb v4.00, Gnats v4.1.99
###############################################

Gnats contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "database" parameter in "gnatsweb.pl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Track+ XSS vuln.

2007-05-19T03:53:00.001-07:00

###############################################
Vuln. discovered by : r0t
Date: 19 May 2007
vendor:http://www.trackplus.com/
affected versions: 3.3.2 and prior
###############################################

Track+ contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "projId" parameter in "reportItem.do" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

ClientExec XSS vuln.

2007-05-19T03:48:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 19 May 2007
vendor:http://clientexec.com/
affected versions: 3.0.0 beta2 other versions also can be affected.
###############################################

ClientExec contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "ticketID","view","fuse" parameter in "index.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

CandyPress™ Store XSS vuln.

2007-05-18T15:09:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 18 May 2007
vendor:http://www.candypress.com/
affected versions: v3.5.2.14 and prior
###############################################

CandyPress™ Store contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "brand" and "Msg" parameter in "scripts/prodList.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Parodia XSS vuln.

2007-05-18T15:05:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 18 May 2007
vendor:http://parodia.net/
affected versions: v6.4 and prior
###############################################

Parodia contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "strJobIDs" parameter in "cand_login.asp" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

vDeck WebMail System XSS vuln.

2007-05-16T10:23:00.000-07:00

###############################################
Vuln. discovered by : r0t
Date: 16 May 2007
vendor:http://vdeck.com/
affected versions: 4.03,other versions also can be affected.
###############################################

vDeck WebMail System contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "type" parameter in "printcal.pl" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Pridels Team is Back!

2007-05-16T10:01:00.000-07:00

Hi guys, it was a big breakdown and now is time to post some "daily" garbage with unsecured systems.I made new blog , cauz i cant find mine pwd for it.I think after month that we will set our board back.Now im here with VietMafia, der4444 . I hope that we will see cembo again.

r0t