All posts under the tag Hacker Research

phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities


Exploit Title: phpwind v8.7 goto.php? &url Parameter XSS Security Vulnerabilities

Product: phpwind

Vendor: phpwind

Vulnerable Versions: v8.7

Tested Version: v8.7

Advisory Publication: May 25, 2015

Latest Update: May 25, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Caution Details:

 

(1) Vendor & Product Description:

Vendor:

phpwind

 

Product & Vulnerable Versions:

phpwind

v8.7

 

Vendor URL & Download:

Product can be obtained from here,

http://www.phpwind.net/thread/166

 

Product Introduction Overview:

“phpwind (abbreviation: pw) is a program based on PHP and MySQL open source community, and is one of the most popular general-Forum. phpwind ofstar first version was released in 2004. As of December 2013 phpwind brand items calculated by Ali cloud Co., Ltd. has, fully free open source software. Now accumulated more than one million websites use phpwind products, of which nearly 100,000 active website. Since the 2011 release PHPWind8.x series version, phpwind enhance community around the content value and promote community e-commerce two general direction of the development of multi-mode single-core products and achieve new forms of community. 2012 preparations for the release of phpwind9.0 will use self-developed Windframework phpwind framework and integrated computing architecture and so on Ali community cloud platform application center will provide a variety of solutions for future communities.

Today, the country’s 200,000 worth of small sites, there are nearly 100,000 community site uses phpwind, has accumulated more than one million sites use phpwind, there are 1,000 new sites every day use phpwind. These community sites covering 52 types of trades every day one million people gathered in phpwind build community, issued 50 million new information, visit more than one billion pages.

National Day PV30 million or more in 1000 about a large community, there are more than 500 sites selected phpwind station software provided, including by scouring link Amoy satisfaction, a daily e-commerce and marketing groups, and other on-line product vigorously increase in revenue for the site. Excellent partners, such as Xiamen fish, of Long Lane, Erquan network, Kunshan forum, the North Sea 360, Huizhou West Lake, Huashang like."

 

 

 

(2) Vulnerability Details:

The phpwind web application has a cross-site scripting (XSS) vulnerability. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session, within the trust relationship between their browser and the server.

Several similar 0-day vulnerabilities have been found by other researchers before, and phpwind has patched some of them. CXSecurity is a large collection of information on data communications safety. Its main objective is to inform about errors in various applications. It also publishes suggestions, advisories, and solution details related to XSS vulnerabilities, as well as cyber intelligence recommendations.

(2.1) The first code flaw occurs at the “&url” parameter of the “/goto.php?” page.

References:

http://www.tetraph.com/security/xss-vulnerability/phpwind-v8-7-xss/

http://www.inzeed.com/kaleidoscope/computer-security/phpwind-v8-7-xss/

https://webtechwire.wordpress.com/2015/05/24/phpwind-v8-7-xss/

http://diebiyi.com/articles/security/phpwind-v8-7-xss/

http://securityrelated.blogspot.com/2015/05/phpwind-v87-xss.html

https://www.facebook.com/permalink.php?story_fbid=939922519396264&id=874373602617823

https://itswift.wordpress.com/2015/05/24/phpwind-v8-7-xss/

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01904.html

http://whitehatpost.blog.163.com/blog/static/24223205420154248491580/

http://cxsecurity.com/issue/WLB-2015040033

http://seclists.org/fulldisclosure/2015/Apr/38

https://www.facebook.com/essayjeans/posts/832797850144702

https://www.bugscan.net/#!/x/21257

http://lists.openwall.net/full-disclosure/2015/04/05/9

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1954


Proverbs Web Calendar 2.1.2 XSS (Cross-site Scripting) Security Vulnerabilities


Exploit Title: Proverbs Web Calendar /calendar.php Multiple Parameters XSS (Cross-site Scripting) Security Vulnerabilities

Vendor: Proverbs

Product: Proverbs Web Calendar

Vulnerable Versions: 1.0.0 1.1 1.2.2 2.1 2.1.2

Tested Version: 1.2.2 2.1

Advisory Publication: April 03, 2015

Latest Update: April 03, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:


(1) Vendor & Product Description:


Vendor:

Proverbs

Product & Vulnerable Versions:

Proverbs Web Calendar

1.0.0

1.1

1.2.2

2.1

2.1.2

Vendor URL:

http://www.proverbs.biz/

Download:

Proverbs Web Calendar can be obtained from here,

http://www.proverbsllc.com/demos/calendar/calendar.php

http://www.hotscripts.com/listing/proverbs-web-calendar/

http://www.c-point.com/free_php_scripts/calendar.php

http://www.html.it/articoli/proverbs-php-web-calendar-v-100-1/

Product Introduction Overview:

“This is a web event calendar developed using PHP and powered by MySQL. The calendar is viewed in month format initially with a…


6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities


Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities

Vendor: 6kbbs

Product: 6kbbs

Vulnerable Versions: v7.1 v8.0

Tested Version: v7.1 v8.0

Advisory Publication: April 02, 2015

Latest Update: April 02, 2015

Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]

CVE Reference: *

CVSS Severity (version 2.0):

CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:


Vendor:

6kbbs

Product & Vulnerable Versions:

6kbbs

v7.1

v8.0

Vendor URL & download:

6kbbs can be obtained from here,

http://www.6kbbs.com/download.html

http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/

Product Introduction Overview:

“6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small…


6kbbs v8.0 SQL Injection Security Vulnerabilities


Exploit Title: 6kbbs Multiple SQL Injection Security Vulnerabilities

Vendor: 6kbbs

Product: 6kbbs

Vulnerable Versions: v7.1 v8.0

Tested Version: v7.1 v8.0

Advisory Publication: April 01, 2015

Latest Update: April 01, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:



(1) Vendor & Product Description:



Vendor:

6kbbs

Product & Vulnerable Versions:

6kbbs

v7.1

v8.0

Vendor URL & download:

6kbbs can be obtained from here,

http://www.6kbbs.com/download.html

http://www.bvbcode.com/code/93n8as2z-down

Product Introduction Overview:

“6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but…


NetCat CMS Multiple HTTP Response Splitting (CRLF) Security Vulnerabilities


Exploit Title: NetCat CMS Multiple CRLF Security Vulnerabilities

Product: NetCat CMS (Content Management System)

Vendor: NetCat

Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Tested Version: 3.12

Advisory Publication: Mar 07, 2015

Latest Update: Mar 07, 2015

Vulnerability Type: Improper Neutralization of CRLF Sequences (‘CRLF Injection’) [CWE-93]

CVE Reference: *

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

Advisory Details:



(1) Vendor & Product Description:



Vendor:

NetCat

Product & Version:

NetCat

5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

Vendor URL & Download:

NetCat can be obtained from here,

http://netcat.ru/

Product Introduction:

NetCat.ru is a local Russian company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card” with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data – in other words, projects…


CVE-2014-2404 Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure


Exploit Title: Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure
Product: Access Manager component in Oracle Fusion Middleware
Vendor: Oracle
Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0
Advisory Publication: Apr 15, 2014
Latest Update: Apr 15, 2014
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: CVE-2014-2404
Risk Level: Medium
CVSS v2 Base Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Solution Status: Fixed by Vendor
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

http://webtechhut.blogspot.com/2014/12/cve-2014-2404-oracle-manager-webgate.html
