Posts

Showing posts from July, 2009

TinyBrowser (TinyMCE Editor Plugin) 1.41.6 <= Multiple Vulnerabilities

============================================================================== TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilitis ============================================================================== Discovered by Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure OSVDB ID: 56602 , 56603 Secunia Advisory ID: 36031 Advisory URL: http://yehg.net/lab/pr0js/advisories/tinybrowser_1416_multiple_vulnerabilities Date published: 2009-07-27 Severity: High Vulnerability Class: Abuse of Functionality Author: Bryn Jones (http://www.lunarvis.com) Author Contacted: Yes Reply: No reply Product Overview ================ TinyBrowser is a plugin of TinyMCE JavaScript editor that acts as file browser to view, upload, delete,rename files and folders on the web servers. Vulnerabilities ================== #1. Default Insecure Configurati

Google Mail (Gmail) | Fail to do Security Check Vulnerability

============================================================= Google Mail (Gmail) Fail to do Security Check Vulnerability ============================================================= Discovered by Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure Advisory URL: http://yehg.net/lab/pr0js/advisories/gmail_fails_to_referer_check Date published: 2009-07-27 Severity: High Vulnerability Type: Lack of security check Vulnerability Consequence: Spoofing/Phishing Attack Success Vendor: Google Inc URL: http://google.com Vulnerable URL: https://www.google.com/accounts/ServiceLoginAuth?service=mail Description =========== Google mail service for custom domains checks the HTTP referer field for authenticating, i.e when a user have submitted username and password. If the HTTP refer field doesn't contain https://mail.google.com/a/yourname.com, then it warns the user the error message that asks him to login from his primary domain url. However, this securi

Rapidshare | Login Credential Leakage Vulnerability

================================== Rapidshare Login Credential Leakage Vulnerability ================================== Discovered by Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure Advisory URL: http://yehg.net/lab/pr0js/advisories/rapidshare.com_login_credential_leak_overhttp Date published: 2009-07-26 Vendor: Rapidshare (Free File Hosting Provider) URL: http://www.rapidshare.com, http://rapidshare.de Reported: Yes ([email protected]) Attacker: 1. Trojans or malwares that have sniffing capability 2. Malicious user who is running HTTP sniffer Where: User's computer / User's networks(LAN,WAN,Proxy,ISP,...etc) Overview ========== Upon understanding secure login, Rapidshare protects user credentials from HTTP Traffic sniffing with secure SSL page https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi where users are redirected to when they go to the login page. Although it is their intention to protect, ther

Exploiting Gmail Weak Password Recovery

Download Exploiting Gmail Weak Password Recovery This weakness has long existed since the introduction of Gmail. Description: Password reset/recovery questions shouldn't be too much simplistic. They shouldn't be any kinds that ask users to answer very security-weak answers such as 0-9,red-green-yellow-orange,etc. Date: June 2009 Keywords: Hacking Gmail, Cracking Gmail, through password recovery

Multiple vulnerabilities in PHP Support Tickets 2.2 <=

http://yehg.net/lab/pr0js/advisories/php_support_ticket-2.2 ============================================================================== PHP Support Ticket 2.2 <= Multiple Vulnerabilities ============================================================================== Discovered by Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure Advisory URL: http://yehg.net/lab/pr0js/advisories/php_support_ticket-2.2 Date published: 2009-07-23 Severity: High Vendor: Triangle Solutions Ltd (http://www.triangle-solutions.com/) Script URL: http://www.phpsupporttickets.com/ Demo URL: http://www.phpsupporttickets.com/modules/phpsupporttickets.com/demo/ Overview ========== This version of PHP Support Ticket is bundled together in today's one-click script installer of all/most web hosting providers. Customers have no clue of the vulnerabilities. Hosting providers always say marketing voice - easy deployment, one-click installation - but no security. #######