Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• Kloxo 5.75 (24 Issues) Multiple Remote Vulnerabilities (деталі)
• Host Directory PRO 2.1.0 Remote Change Admin Password Exploit (деталі)
• Web Directory PRO Remote Database Backup Vulnerability (деталі)
• Host Directory PRO 2.1.0 Remote Database Backup Vulnerability (деталі)
• Web Directory PRO (admins.php) Change Admin Password Exploit (деталі)
• SuperCali PHP Event Calendar Arbitrary Change Admin Password Exploit (деталі)
• OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit (деталі)
• Kjtechforce mailman b1 (dest) Remote Blind SQL Injection Exploit (деталі)
• Kjtechforce mailman b1 (code) SQL Injection Delete Row Vulnerability (деталі)
• Pixelactivo 3.0 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Pixelactivo 3.0 (idx) Remote SQL Injection Vulnerability (деталі)
• PeaZIP <= 2.6.1 Compressed Filename Command Injection Exploit (деталі)
• Joomla Component com_school 1.4 (classid) SQL Injection Vulnerability (деталі)
• fipsCMS Light 2.1 (db.mdb) Remote Database Disclosure Vulnerability (деталі)
• USER OPTIONS CHANGER EXPLOIT MiniTwitter v0.2-Beta (деталі)

В даній добірці експлоіти в веб додатках:

• Online Grades & Attendance 3.2.6 Multiple Local File Inclusion Vulns (деталі)
• WebCal (webCal3_detail.asp event_id) SQL Injection Vulnerability (деталі)
• Joomla Component Seminar 1.28 (id) Blind SQL Injection Exploit (деталі)
• Podcast Generator <= 1.2 unauthorized Re-Installation Remote Exploit (деталі)
• EgyPlus 7ml <= 1.0.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• My Mini Bill (orderid) Remote SQL Injection Vulnerability (деталі)
• Podcast Generator <= 1.2 GLOBALS[] Multiple Remote Vulnerabilities (деталі)
• WebEyes Guest Book v.3 (yorum.asp mesajid) SQL Injection Vulnerability (деталі)
• PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Joomla Component com_mosres Multiple SQL Injection Vulnerabilities (деталі)
• Movie PHP Script 2.0 (init.php anticode) Code Execution Vulnerability (деталі)
• Joomla Omilen Photo Gallery 0.5b Local File Inclusion Vulnerability (деталі)
• Supernews 2.6 (index.php noticia) Remote SQL Injection Vulnerability (деталі)
• OCS Inventory NG 1.02 Remote File Disclosure Vulnerability (деталі)
• Simple DNS Plus 5.0/4.1 < remote Denial of Service exploit (деталі)

В цьому місяці, окрім XSS уразливості та знайдених мною XSS уразливостей, в IPB також були знайдені інші уразливості.

Зокрема були виявлені Local File Inclusion та SQL Injection уразливості в Invision Power Board. LFI дозволяє інклюдити php-файли на сервері та працює лише на 3.0.x версіях IPB, а SQL Injection працює в 2.x та 3.0.x версіях движка.

Уразливі Invision Power Board 3.0.4 та попередні версії.

• Invision Power Board 3.0.4 Local PHP File Inclusion and SQL Injection (деталі)

В даному advisory також наводяться патчі для IPB 2.3.6 та 3.0.4.

В даній добірці експлоіти в веб додатках:

• Escon SupportPortal Pro 3.0 (tid) Blind SQL Injection Vulnerability (деталі)
• Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities (деталі)
• ASP Football Pool 2.3 Remote Database Disclosure Vulnerability (деталі)
• AdaptBB 1.0 (forumspath) Remote File Inclusion Vulnerability (деталі)
• PAD Site Scripts 3.6 Remote Arbitrary Database Backup Vulnerability (деталі)
• R2 Newsletter Lite/Pro/Stats (admin.mdb) Database Disclosure Vuln (деталі)
• ecsportal rel 6.5 (article_view_photo.php id) SQL Injection Vulnerability (деталі)
• Joomla Component Joomlaequipment 2.0.4 (com_juser) SQL Injection (деталі)
• ASMAX AR 804 gu Web Management Console Arbitrary Command Exec (деталі)
• Online Grades & Attendance 3.2.6 Multiple SQL Injection Vulnerabilities (деталі)
• Online Grades & Attendance 3.2.6 Credentials Changer SQL Exploit (деталі)
• Flashlight Free Edition (LFI/SQL) Multiple Remote Vulnerabilities (деталі)
• AlstraSoft Article Manager Pro Remote Shell Upload Vulnerability (деталі)
• Online Grades & Attendance 3.2.6 Blind SQL Injection Exploit (деталі)
• Alice BackDoor hash creator (деталі)

В даній добірці експлоіти в веб додатках:

• AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities (деталі)
• Small Pirates v-2.1 (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• Traidnt Up 2.0 (Auth Bypass / Cookie) SQL Injection Vulnerability (деталі)
• Million Dollar Text Links <= 1.0 (id) SQL injection Vulnerability (деталі)
• ZeusCart <= 2.3 (maincatid) SQL Injection Vulnerability (деталі)
• Arab Portal 2.2 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• ecshop 2.6.2 Multiple Remote Command Execution Vulnerabilities (деталі)
• Zen Help Desk 2.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Webboard <= v.2.90 beta Remote File Disclosure Vulnerability (деталі)
• Linksys WAG54G2 Web Management Console Arbitrary Command Exec (деталі)
• RadCLASSIFIEDS Gold v2 (seller) Remote SQL Injection Exploit (деталі)
• OCS Inventory NG 1.02 Multiple SQL Injection Vulnerabilities (деталі)
• eliteCMS 1.01 (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Open-school 1.0 (id) Remote SQL Injection Vulnerability (деталі)
• Exploits WysGui CMS 1.2 BETA(cookie) BSQL (деталі)

В даній добірці експлоіти в веб додатках:

• Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC (деталі)
• RoomPHPlanning 1.6 Multiple Remote Vulnerabilities (деталі)
• Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit (деталі)
• Joomla Component Com_Agora 3.0.0 RC1 Remote File Upload Vulnerability (деталі)
• WebMember 1.0 (formID) Remote SQL Injection Vulnerability (деталі)
• ZeeCareers 2.0 (addadminmembercode.php) Add Admin Exploit (деталі)
• phpBugTracker 1.0.3 (Auth Bypass) SQL Injection Vulnerability (деталі)
• ShaadiClone 2.0 (addadminmembercode.php) Add Admin Exploit (деталі)
• Million Dollar Text Links 1.x Insecure Cookie Handling Vulnerability (деталі)
• Easy Px 41 CMS v09.00.00B1 (fiche) Local File Inclusion Vulnerability (деталі)
• Joomla Component AgoraGroup 0.3.5.3 Blind SQL Injection Vulnerability (деталі)
• Evernew Free Joke Script 1.2 (cat_id) Remote SQL Injection Vulnerability (деталі)
• SiteX <= 0.7.4.418 (THEME_FOLDER) Local File Inclusion Vulnerabilities (деталі)
• AdPeeps 8.5d1 XSS and HTML Injection Vulnerabilities (деталі)
• Geeklog <= 1.5.2 savepreferences()/*blocks[] remote sql injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• ZaoCMS (user_id) Remote SQL Injection Vulnerability (деталі)
• phpWebFileManager 1.11 Multiple Remote Vulnerabilities (деталі)
• Mole Group Restaurant Directory Script 3.0 Change Admin Pass Vuln (деталі)
• Mole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit (деталі)
• ZaoCMS (PhpCommander) Arbitary Remote File Upload Vulnerability (деталі)
• ZaoCMS (user_updated.php) Remote Change Password Exploit (деталі)
• Dokuwiki 2009-02-14 Local File Inclusion Vulnerability (деталі)
• Joomla Boy Scout Advancement 0.3 (id) SQL Injection Exploit (деталі)
• MiniTwitter 0.3-Beta (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Flash Image Gallery 1.1 Arbitrary Config File Disclosure Vulnerability (деталі)
• MyForum 1.3 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Kensei Board <= 2.0.0b Multiple SQL Injection Vulnerabilities (деталі)
• Joomla Component com_rsgallery2 1.14.x/2.x Remote Backdoor Vuln (деталі)
• Flax Article Manager 1.1 (Cookie Bypass) SQL Injection Vulnerability (деталі)
• Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Mac OS X Java applet Remote Deserialization Remote PoC (updated) (деталі)
• Jorp 1.3.05.09 Remote Arbitrary Remove Projects/Tasks Vulnerabilities (деталі)
• bSpeak 1.10 (forumid) Remote Blind SQL Injection Vulnerability (деталі)
• PHP Article Publisher Arbitrary Auth Bypass Vulnerability (деталі)
• DMXReady Registration Manager 1.1 Arbitrary File Upload Vulnerability (деталі)
• Article Directory (Auth Bypass) SQL Injection Vulnerability (деталі)
• Job Script 2.0 Arbitrary Shell Upload Vulnerability (деталі)
• Flash Quiz Beta 2 Multiple Remote SQL Injection Vulnerabilities (деталі)
• ASP Inline Corporate Calendar (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• VICIDIAL 2.0.5-173 (Auth Bypass) SQL Injection Vulnerability (деталі)
• ZaoCMS (download.php) Remote File Disclosure Vulnerability (деталі)
• ZaoCMS Insecure Cookie Handling Vulnerability (деталі)
• Article Directory (page.php) Remote Blind SQL Injection Vulnerability (деталі)
• Tutorial Share <= 3.5.0 Insecure Cookie Handling Vulnerability (деталі)
• Exjune Guestbook v2 Remote Database Disclosure Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Namad (IMenAfzar) 2.0.0.0 Remote File Disclosure Vulnerability (деталі)
• KingSoft Web Shield <= 1.1.0.62 XSS/Code Execution Vulnerability (деталі)
• DM FileManager 3.9.2 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Dog Pedigree Online Database 1.0.1b Blind SQL Injection Exploit (деталі)
• Dog Pedigree Online Database 1.0.1b Insecure Cookie Handling Vuln (деталі)
• Dog Pedigree Online Database 1.0.1b Multiple SQL Injection Vulns (деталі)
• VidShare Pro (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• Coppermine Photo Gallery <= 1.4.22 Remote Exploit (деталі)
• Realty Web-Base 1.0 (list_list.php id) SQL Injection Vulnerability (деталі)
• NC LinkList 1.3.1 Remote Command Injection Exploit (деталі)
• NC GBook 1.0 Remote Command injection Exploit (деталі)
• Catviz 0.4.0b1 (LFI/XSS) Multiple Remote Vulnerabilities (деталі)
• exJune Officer Message System v1 Multiple Remote Vulnerabilities (деталі)
• Joomla Casino 0.3.1 Multiple SQL Injection Exploits (деталі)
• Family Connections <= 1.8.2 - Remote Shell Upload Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Dana Portal Remote Change Admin Password Exploit (деталі)
• DOURAN Portal <= 3.9.0.23 Multiple Remote Vulnerabilities (деталі)
• ClanWeb 1.4.2 Remote Change Password / Add Admin Exploit (деталі)
• httpdx <= 0.5b FTP Server (USER) Remote BOF Exploit (SEH) (деталі)
• httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH) (деталі)
• Joomla com_gsticketsystem (catid) Blind SQL Injection Exploit (деталі)
• VidShare Pro Arbitrary Shell Upload Vulnerability (деталі)
• PHP Article Publisher Remote Change Admin Password Exploit (деталі)
• DGNews 3.0 Beta (id) Remote SQL Injection Vulnerability (деталі)
• MaxCMS 2.0 (inc/ajax.asp) Remote SQL Injection Vulnerability (деталі)
• Jieqi CMS <= 1.5 Remote Code Execution Exploit (деталі)
• LightOpenCMS 0.1 (id) Remote SQL Injection Vulnerability (деталі)
• Mereo 1.8.0 (Get Request) Remote Denial of Service Exploit (деталі)
• PAD Site Scripts 3.6 Insecure Cookie Handling Vulnerability (деталі)
• glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit (деталі)