Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vu

from [PersianHacker Team] Network Security [Permanent Link]
Subject: [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities
Date: 29 Mar 2005 13:15:12 -0000 


[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple 
Vulnerbilities
Date: 2005 03
Bug Number: 11

Ublog
Ublog reload is a complete ASP weblog system.
More info @:
http://www.uapplication.com


Discussion:
--------------------
What are the bugs ?
1) Cross-Site Scripting that lets attackers can inject HTML or Script.
2) Default Database Name.

Description bugs
1)
Input passed to the "msg" parameter in "login.asp" isn't properly sanitised 
before being returned to the user.
Example : 
2)
The problem is that the database file "mdb-database/ublogreload.mdb" is located 
inside the web root. so attackers can download it and disclose user/password of 
admin.
attention : the admin's password is in the hash formating.

Exploit:
--------------------
http://www.example.com/login.asp?msg=&lt;script&gt;alert(XSS)&lt;/script&gt;
http://www.example.com/mdb-database/ublogreload.mdb


Solution:
--------------------
Upgrade to ublog reaload version 1.0.5


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by 3nitro (3nitro [AT] persianhacker [DOT] net)
http://www.PersianHacker.NET

Special Thanks: Pi3cH


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: 3nitro [AT] persianhacker [DOT] net


Note
--------------------
scripts authors contacted for this bug.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerbilities, PersianHacker Team <=
Previous by Date:  Multiple phpCoin Vulnerabilities, GulfTech Security Research
Next by Date:  Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty
Previous by Thread:  Multiple phpCoin Vulnerabilities, GulfTech Security Research
Next by Thread:  Portcullis Security Advisory 05-011 ACPI 1.6 BIOS, Paul J Docherty
Indexes:  [Date] [Thread] [Top] [All Lists]