Posts

Showing posts from July, 2009

TinyBrowser (TinyMCE Editor Plugin) 1.41.6 <= Multiple Vulnerabilities

==============================================================================
TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities
==============================================================================

Discovered by
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure

OSVDB ID: 56602, 56603
Secunia Advisory ID: 36031

Advisory URL:
http://yehg.net/lab/pr0js/advisories/tinybrowser_1416_multiple_vulnerabilities
Date published: 2009-07-27
Severity: High
Vulnerability Class: Abuse of Functionality

Author: Bryn Jones (http://www.lunarvis.com)
Author Contacted: Yes
Reply: No reply


Product Overview
================

TinyBrowser is a plugin for the TinyMCE JavaScript editor that acts as
a file browser to view, upload, delete, and rename files and folders on
the web server.

Vulnerabilities
==================

#1. Default Insecure Configurations

Configuration settin…

Google Mail (Gmail) | Fail to do Security Check Vulnerability

=============================================================
Google Mail (Gmail) Fail to do Security Check Vulnerability
=============================================================

Discovered by
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure

Advisory URL:
http://yehg.net/lab/pr0js/advisories/gmail_fails_to_referer_check
Date published: 2009-07-27
Severity: High

Vulnerability Type: Lack of security check
Vulnerability Consequence: Spoofing/Phishing Attack Success

Vendor: Google Inc
URL: http://google.com

Vulnerable URL:
https://www.google.com/accounts/ServiceLoginAuth?service=mail


Description
===========

The Google Mail service for custom domains checks the HTTP Referer field
during authentication, i.e. when a user has submitted a username and password.
If the HTTP Referer field doesn't contain https://mail.google.com/a/yourname.com,
it shows the user an error message asking him to log in from his primary domain URL.

However, this security check has not b…

Rapidshare | Login Credential Leakage Vulnerability

==================================
Rapidshare Login Credential Leakage Vulnerability
==================================

Discovered by
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure

Advisory URL:
http://yehg.net/lab/pr0js/advisories/rapidshare.com_login_credential_leak_overhttp
Date published: 2009-07-26

Vendor: Rapidshare (Free File Hosting Provider)
URL: http://www.rapidshare.com, http://rapidshare.de
Reported: Yes ([email protected])

Attacker:
1. Trojans or malware with sniffing capability
2. A malicious user who is running an HTTP sniffer

Where: User's computer / user's networks (LAN, WAN, proxy, ISP, etc.)


Overview
==========
Understanding the need for secure login, Rapidshare protects user credentials from
HTTP traffic sniffing with the secure SSL page https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi,
to which users are redirected when they go to the login page.
Although it is their intention to protect, there has been a way …

Exploiting Gmail Weak Password Recovery

Download Exploiting Gmail Weak Password Recovery

This weakness has existed since the introduction of Gmail.

Description: Password reset/recovery questions shouldn't be too simplistic. They shouldn't be of any kind that asks users for very weak answers such as 0-9, red-green-yellow-orange, etc.
Date: June 2009

Keywords: Hacking Gmail, Cracking Gmail, through password recovery

Multiple vulnerabilities in PHP Support Tickets 2.2 <=

http://yehg.net/lab/pr0js/advisories/php_support_ticket-2.2

==============================================================================
PHP Support Ticket 2.2 <= Multiple Vulnerabilities
==============================================================================

Discovered by
Aung Khant, YGN Ethical Hacker Group, Myanmar
http://yehg.net/ ~ believe in full disclosure

Advisory URL:
http://yehg.net/lab/pr0js/advisories/php_support_ticket-2.2
Date published: 2009-07-23
Severity: High

Vendor: Triangle Solutions Ltd (http://www.triangle-solutions.com/)
Script URL: http://www.phpsupporttickets.com/

Demo URL:
http://www.phpsupporttickets.com/modules/phpsupporttickets.com/demo/


Overview
==========
This version of PHP Support Ticket is bundled in the one-click script
installers of all/most web hosting providers today. Customers have no clue
about the vulnerabilities. Hosting providers always speak in a marketing voice -
easy deployment, one-click installation - but no security.

#######################…