Friday, May 05, 2006

(c)2005-Comments-Script - XSS Vulnerability


(c)2005-Comments-Script - XSS Vulnerability
--------------------------------------------------------
Software: (c)2005-Comments-Script
Version:
Type: XSS Vulnerability
Date: May 5 20:45:53 CEST 2006
Vendor: Www.Goël.Ch
Page: http://xn--gol-kma.ch
Risk: low

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:
----------------------------
http://[target]/kommentar.php?id=[XSS]

solution:
----------------------------
validate $id


notes:
----------------------------
The vendor has been informed.

Dynamic Galerie 1.0 - path traversal + XSS Vulnerability


Dynamic Galerie 1.0 - path traversal + XSS Vulnerability
--------------------------------------------------------
Software: Dynamic Galerie
Version: 1.0
Type: path traversal + XSS Vulnerability
Date: May 5 19:45:53 CEST 2006
Vendor: timo braun
Page: http://www.timobraun.de/
Risk: middle

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:
----------------------------
http://[target]/index.php?pfad=/tmp/
http://[target]/galerie.php?pfad=/home/

http://[target]/index.php?pfad=[XSS]
http://[target]/galerie.php?id=[XSS]


solution:
----------------------------
validate $pfad, $id


notes:
----------------------------
The vendor has been informed.
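
One way to apply "validate $pfad, $id", as an added example (not the vendor's code and not part of the original advisory). The image root `bilder`, the helper names and the assumption that `id` is numeric are hypothetical:

```php
<?php
// Added example, not the vendor's code. GALLERY_ROOT, the helper names and
// the numeric form of `id` are assumptions made for illustration.
const GALLERY_ROOT = __DIR__ . '/bilder';

// Resolve a user-supplied directory below the gallery root.
// Returns the canonical path, or null if the input is malformed,
// does not exist, or resolves to a location outside the root.
function resolve_gallery_dir(string $root, $userPath): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || !is_string($userPath)
        || strpos($userPath, "\0") !== false) {
        return null;
    }
    // Treat the input as relative to the root, then canonicalise so that
    // "..", duplicate slashes and symlinks are resolved before the check.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . ltrim($userPath, '/\\'));
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Accept only a short run of decimal digits as an id.
function parse_id($raw): ?int
{
    return (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 9)
        ? (int) $raw : null;
}

// Escape a value for HTML text and quoted attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$dir = resolve_gallery_dir(GALLERY_ROOT, $_GET['pfad'] ?? '');
$id  = parse_id($_GET['id'] ?? null);
if ($dir === null || $id === null) {
    http_response_code(400);
    exit('Invalid request');
}
echo '<h1>', h(basename($dir)), ' / image ', $id, '</h1>';
```

The path check runs on the canonical path returned by realpath(), and every value echoed into the page goes through h().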

Tuesday, May 02, 2006

321soft PhP Gallery 0.9 - directory traversal & XSS


321soft PhP Gallery 0.9 - directory traversal & XSS
--------------------------------------------------------
Software: 321soft PhP Gallery
Version: 0.9
Type: directory traversal & XSS
Date: May 3 01:38:04 CEST 2006
Vendor: 321soft.de
Page: http://321soft.de/
Risk: Middle

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:
----------------------------
http://[target]/index.php?path=/etc
http://[target]/index.php?path=/tmp

http://[target]/index.php?path=[XSS]

solution:
----------------------------
index.php
fix $path

notes:
----------------------------
The vendor has been informed.

PHP Linkliste 1.0b - XSS


Linpha - XSS Vulnerabilities
--------------------------------------------------------
Software: PHP Linkliste
Version: 1.0b
Type: Cross Site Scripting Vulnerability
Date: Wed May 3 00:45:02 CEST 2006
Vendor: php design x
Page: http://www.php-designx.de
Risk: middle

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:
----------------------------
http://[target]/links.php?new_input=[XSS]&new_url=[XSS]&new_name=[XSS]
The content is written to links.dat, which has chmod 777 (readme).

solution:
----------------------------
Validate all form fields in links.php.

PHPKB Knowledge Base - XSS


http://www.knowledgebase-script.com/demo/search.php?searchkeyword=[XSS]


update:
The vendor has informed me that there is no hole.
I only had a look at the online demo. If you want, you can send me a full version. :)

And sorry guys, I didn't post it to http://secunia.com/

Monday, May 01, 2006

myvideo.de Xss


myvideo.de is a new site for free video hosting.

In all form fields I saw, it was possible to include JavaScript code.
They use insecure cookies, so it is easy to steal them and log in as another person.

examples:

http://www.myvideo.de/watch/xy (comment-box)
http://www.myvideo.de/online/page.php?P=xy&U_ID=xy (profile)
http://www.myvideo.de/online/page.php?P=xy&volltext=[XSS]&Submit=Suche (search-box)