Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Joomla Component com_jumi (fileid) Blind SQL Injection Exploit (деталі)
• The Recipe Script 5 Remote XSS Vulnerability (деталі)
• phportal v1 (topicler.php id) Remote SQL Injection Vulnerability (деталі)
• vBulletin Radio and TV Player Add-On HTML Injection Vulnerability (деталі)
• Netgear DG632 Router Remote Denial of Service Vulnerability (деталі)
• Netgear DG632 Router Authentication Bypass Vulnerability (деталі)
• phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vuln (деталі)
• Joomla Component com_ijoomla_rss Blind SQL Injection Exploit (деталі)
• XOOPS <= 2.3.3 Remote File Disclosure Vulnerability (.htaccess) (деталі)
• phpFK 7.03 (page_bottom.php) Local File Inclusion Vulnerability (деталі)
• phportal 1.0 Insecure Cookie Handling Vulnerability (деталі)
• FretsWeb 1.2 (name) Remote Blind SQL Injection Exploit (деталі)
• FretsWeb 1.2 Multiple Local File Inclusion Vulnerabilities (деталі)
• fuzzylime cms <= 3.03a Local Inclusion / Arbitrary File Corruption PoC (деталі)
• Exploits BLIND SQL INJECTION (GET var ‘AlbumID’) RTWebalbum 1.0.462 (деталі)

В даній добірці експлоіти в веб додатках:

• Zip Store Chat 4.0/5.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Uebimiau Web-Mail <= v3.2.0-1.8 Remote File / Overwrite Vulnerabilities (деталі)
• TransLucid 1.75 Multiple Remote Vulnerabilities (деталі)
• TBDev 01-01-2008 Multiple Remote Vulnerabilities (деталі)
• Pivot 1.40.4-7 Multiple Remote Vulnerabilities (деталі)
• Apple Safari & Quicktime Denial of Service Vulnerability (деталі)
• Evernew Free Joke Script 1.2 Remote Change Password Exploit (деталі)
• AdaptWeb 0.9.2 (LFI/SQL) Multiple Remote Vulnerabilities (деталі)
• Elvin BT S 1.2.0 Multiple Remote Vulnerabilities (деталі)
• DB Top Sites 1.0 (index.php u) Local File Inclusion Vulnerability (деталі)
• DB Top Sites 1.0 Remote Command Execution Exploit (деталі)
• FormMail 1.92 Multiple Remote Vulnerabilities (деталі)
• SugarCRM 5.2.0e Remote Code Execution Vulnerability (деталі)
• Mundi Mail 0.8.2 (top) Remote File Inclusion Vulnerability (деталі)
• Exploits IceWarp WebMail Server: Client-Side Specification of “Forgot Password” eMail Content (деталі)

В даній добірці експлоіти в веб додатках:

• phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit (деталі)
• Joomla Component com_vehiclemanager 1.0 RFI Vulnerability (деталі)
• Joomla Component com_realestatemanager 1.0 RFI Vulnerability (деталі)
• MRCGIGUY Hot Links (report.php id) Remote SQL Injection Vulnerability (деталі)
• MRCGIGUY The Ticket System 2.0 PHP Multiple Remote Vulnerabilities (деталі)
• Open Biller 0.1 (username) Blind SQL Injection Exploit (деталі)
• Splog <= 1.2 Beta Multiple Remote SQL Injection Vulnerabilities (деталі)
• phpWebThings <= 1.5.2 (help.php module) Local File Inclusion Vuln (деталі)
• Sniggabo CMS (article.php id) Remote SQL Injection Exploit (деталі)
• Yogurt 0.3 (XSS/SQL Injection) Multiple Remote Vulnerabilities (деталі)
• TorrentVolve 1.4 (deleteTorrent) Delete Arbitrary File Vulnerability (деталі)
• phpWebThings <= 1.5.2 MD5 Hash Retrieve/File Disclosure Exploit (деталі)
• Campus Virtual-LMS (XSS/SQL Injection) Multiple Remote Vulnerabilities (деталі)
• 4images <= 1.7.7 Filter Bypass HTML Injection/XSS Vulnerability (деталі)
• Exploits BLIND SQL INJECTION EXPLOIT TemaTres 1.0.3 (деталі)

В даній добірці експлоіти в веб додатках:

• Frontis 3.9.01.24 (source_class) Remote SQL Injection Vulnerability (деталі)
• Joomla Component BookLibrary 1.5.2.4 Remote File Inclusion Vulnerability (деталі)
• Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability (деталі)
• Free Download Manager 2.5/3.0 (Control Server) Remote BOF Exploit (деталі)
• S-CMS <= 2.0b3 (username) Blind SQL Injection Exploit (деталі)
• S-CMS <= 2.0b3 Multiple SQL Injection Vulnerabilities (деталі)
• S-CMS <= 2.0b3 Multiple Local File Inclusion Vulnerabilities (деталі)
• Joomla Component com_media_library 1.5.3 RFI Vulnerability (деталі)
• Joomla Component Akobook 2.3 (gbid) SQL Injection Vulnerability (деталі)
• MRCGIGUY FreeTicket (CH/SQL) Multiple Remote Vulnerabilities (деталі)
• Desi Short URL Script (Auth Bypass) Insecure Cookie Handling Vuln (деталі)
• School Data Navigator (page) Local/Remote File Inclusion Vulnerability (деталі)
• LightNEasy sql/no-db <= 2.2.x system Config Disclosure Exploit (деталі)
• DX Studio Player < 3.0.29.1 Firefox plug-in Command Injection Vuln (деталі)
• Exploits IceWarp WebMail Server: SQL Injection in Groupware Component (деталі)

В даній добірці експлоіти в веб додатках:

• VT-Auth 1.0 (zHk8dEes3.txt) File Disclosure Vulnerability (деталі)
• MyCars Automotive (Auth Bypass) SQL Injection Vulnerability (деталі)
• Joomla Component MooFAQ (com_moofaq) LFI Vulnerability (деталі)
• httpdx <= 0.8 FTP Server Delete/Get/Create Directories/Files Exploit (деталі)
• Interlogy Profile Manager Basic Insecure Cookie Handling Vulnerability (деталі)
• Virtue Shopping Mall (cid) Remote SQL Injection Vulnerability (деталі)
• Virtue Book Store (cid) Remote SQL Injection Vulnerability (деталі)
• Virtue Classifieds (category) SQL Injection Vulnerability (деталі)
• Shop Script Pro 2.12 Remote SQL Injection Exploit (деталі)
• Joomla Component com_portafolio (cid) SQL injection Vulnerability (деталі)
• Automated Link Exchange Portal 1.3 Multiple Remote Vulnerabilities (деталі)
• DM FileManager 3.9.2 Insecure Cookie Handling Vulnerability (деталі)
• Grestul 1.2 Remote Add Administrator Account Exploit (деталі)
• Virtue News (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Exploits BLIND SQL INJECTION Leap CMS 0.1.4 (деталі)

В даній добірці експлоіти в веб додатках:

• Kloxo 5.75 (24 Issues) Multiple Remote Vulnerabilities (деталі)
• Host Directory PRO 2.1.0 Remote Change Admin Password Exploit (деталі)
• Web Directory PRO Remote Database Backup Vulnerability (деталі)
• Host Directory PRO 2.1.0 Remote Database Backup Vulnerability (деталі)
• Web Directory PRO (admins.php) Change Admin Password Exploit (деталі)
• SuperCali PHP Event Calendar Arbitrary Change Admin Password Exploit (деталі)
• OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit (деталі)
• Kjtechforce mailman b1 (dest) Remote Blind SQL Injection Exploit (деталі)
• Kjtechforce mailman b1 (code) SQL Injection Delete Row Vulnerability (деталі)
• Pixelactivo 3.0 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Pixelactivo 3.0 (idx) Remote SQL Injection Vulnerability (деталі)
• PeaZIP <= 2.6.1 Compressed Filename Command Injection Exploit (деталі)
• Joomla Component com_school 1.4 (classid) SQL Injection Vulnerability (деталі)
• fipsCMS Light 2.1 (db.mdb) Remote Database Disclosure Vulnerability (деталі)
• USER OPTIONS CHANGER EXPLOIT MiniTwitter v0.2-Beta (деталі)

В даній добірці експлоіти в веб додатках:

• Online Grades & Attendance 3.2.6 Multiple Local File Inclusion Vulns (деталі)
• WebCal (webCal3_detail.asp event_id) SQL Injection Vulnerability (деталі)
• Joomla Component Seminar 1.28 (id) Blind SQL Injection Exploit (деталі)
• Podcast Generator <= 1.2 unauthorized Re-Installation Remote Exploit (деталі)
• EgyPlus 7ml <= 1.0.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• My Mini Bill (orderid) Remote SQL Injection Vulnerability (деталі)
• Podcast Generator <= 1.2 GLOBALS[] Multiple Remote Vulnerabilities (деталі)
• WebEyes Guest Book v.3 (yorum.asp mesajid) SQL Injection Vulnerability (деталі)
• PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Joomla Component com_mosres Multiple SQL Injection Vulnerabilities (деталі)
• Movie PHP Script 2.0 (init.php anticode) Code Execution Vulnerability (деталі)
• Joomla Omilen Photo Gallery 0.5b Local File Inclusion Vulnerability (деталі)
• Supernews 2.6 (index.php noticia) Remote SQL Injection Vulnerability (деталі)
• OCS Inventory NG 1.02 Remote File Disclosure Vulnerability (деталі)
• Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit (деталі)

В цьому місяці, окрім XSS уразливості та знайдених мною XSS уразливостей, в IPB також були знайдені інші уразливості.

Зокрема були виявлені Local File Inclusion та SQL Injection уразливості в Invision Power Board. LFI дозволяє інклюдити php-файли на сервері та працює лише на 3.0.x версіях IPB, а SQL Injection працює в 2.x та 3.0.x версіях движка.

Уразливі Invision Power Board 3.0.4 та попередні версії.

• Invision Power Board 3.0.4 Local PHP File Inclusion and SQL Injection (деталі)

В даному advisory також наводяться патчі для IPB 2.3.6 та 3.0.4.

В даній добірці експлоіти в веб додатках:

• Escon SupportPortal Pro 3.0 (tid) Blind SQL Injection Vulnerability (деталі)
• Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities (деталі)
• ASP Football Pool 2.3 Remote Database Disclosure Vulnerability (деталі)
• AdaptBB 1.0 (forumspath) Remote File Inclusion Vulnerability (деталі)
• PAD Site Scripts 3.6 Remote Arbitrary Database Backup Vulnerability (деталі)
• R2 Newsletter Lite/Pro/Stats (admin.mdb) Database Disclosure Vuln (деталі)
• ecsportal rel 6.5 (article_view_photo.php id) SQL Injection Vulnerability (деталі)
• Joomla Component Joomlaequipment 2.0.4 (com_juser) SQL Injection (деталі)
• ASMAX AR 804 gu Web Management Console Arbitrary Command Exec (деталі)
• Online Grades & Attendance 3.2.6 Multiple SQL Injection Vulnerabilities (деталі)
• Online Grades & Attendance 3.2.6 Credentials Changer SQL Exploit (деталі)
• Flashlight Free Edition (LFI/SQL) Multiple Remote Vulnerabilities (деталі)
• AlstraSoft Article Manager Pro Remote Shell Upload Vulnerability (деталі)
• Online Grades & Attendance 3.2.6 Blind SQL Injection Exploit (деталі)
• Alice BackDoor hash creator (деталі)

В даній добірці експлоіти в веб додатках:

• AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities (деталі)
• Small Pirates v-2.1 (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• Traidnt Up 2.0 (Auth Bypass / Cookie) SQL Injection Vulnerability (деталі)
• Million Dollar Text Links <= 1.0 (id) SQL injection Vulnerability (деталі)
• ZeusCart <= 2.3 (maincatid) SQL Injection Vulnerability (деталі)
• Arab Portal 2.2 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• ecshop 2.6.2 Multiple Remote Command Execution Vulnerabilities (деталі)
• Zen Help Desk 2.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Webboard <= v.2.90 beta Remote File Disclosure Vulnerability (деталі)
• Linksys WAG54G2 Web Management Console Arbitrary Command Exec (деталі)
• RadCLASSIFIEDS Gold v2 (seller) Remote SQL Injection Exploit (деталі)
• OCS Inventory NG 1.02 Multiple SQL Injection Vulnerabilities (деталі)
• eliteCMS 1.01 (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Open-school 1.0 (id) Remote SQL Injection Vulnerability (деталі)
• Exploits WysGui CMS 1.2 BETA(cookie) BSQL (деталі)