Showing posts from February, 2012

Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0873)

1. OVERVIEW

Dolphin 7.0.7 and lower versions are vulnerable to Cross Site Scripting.

2. BACKGROUND

Dolphin is the only "all-in-one" free community software platform for
creating your own social networking, community or online dating site
without any limits and under your full control. Dolphin comes with
hundreds of features, module plugins and tools. Everything is included
and extension possibilities are literally endless. You can use it for
free with a BoonEx link in the footer or buy a $99 permanent license
to remove that requirement.

3. VULNERABILITY DESCRIPTION

Multiple parameters (explain, photos_only, online_only, mode) were not
properly sanitized, which allows an attacker to conduct Cross Site
Scripting attacks. This may allow an attacker to create a specially
crafted URL that would execute arbitrary script code in a victim's
browser.

4. VERSIONS AFFECTED

7.0.7 and lower

5. PROOF-OF-CONCEPT/EXPLOIT

Vulnerable Parameter: explain
http://localhost/dolph/explanation.php?expla…

OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities (CVE-2012-0872)

1. OVERVIEW
OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting.

2. BACKGROUND
Oxwall is a free open source software package for building social
networks, family sites and collaboration systems. It is a flexible
community website engine developed with the aim to provide people with
a well-coded, user-friendly software platform for social needs. It is
easy to set up, configure and manage Oxwall while you focus on your
site idea. We are testing the concept of free open source community
software for complete (site, sub-site setups) and partial
(widgets, features) community and collaboration solutions for companies
and individuals.

3. VULNERABILITY DESCRIPTION
Multiple parameters were not properly sanitized, which allows an attacker
to conduct Cross Site Scripting attacks. This may allow an attacker to
create a specially crafted URL that would execute arbitrary script
code in a victim's browser.

4. VERSIONS AFFECTED
1.1.1 and lower

5. PROOF-OF-CONCEPT/EXPLOIT
URL: http:/…

[WhatWeb] 7 New Plugins

Tool Update: OWASP Joomla! Vulnerability Scanner

Our OWASP vulnerability scanner has been updated with the 200 vulnerability entries contributed by the web-center.si team.

Please svn up.

svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan/trunk/ joomscan

Have fun securing your Joomla! CMS!

As usual, send your contributions and bug reports to joomscan at yehg.net.

CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability (CVE-2012-0865)

1. OVERVIEW

CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection.


2. BACKGROUND

CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly set up a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world.


3. VULNERABILITY DESCRIPTION

CubeCart 3.0.20 and lower versions contain a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not properly sanitise the parameters "goto", "r" and "redir". This allows an attacker to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choice.


4. VERSIONS AFFECTED

3.0.20 and lower (aka 3.0.x family)


5. PROOF-OF-CONCEPT/EXPLOIT

http://localhost…

Site Update: firewalkx tool

firewalkx

This is a pre-compiled, ready-to-run Firewalk for the BackTrack distro. It is a fixed version of the famous Firewalk tool (http://packetstormsecurity.org/UNIX/audit/firewalk/) that couldn't be compiled on modern *nix boxes due to compilation errors. The modified, fixed source code is included.

Download: http://code.google.com/p/firewalk/downloads/detail?name=%5Byehg.net%5DFirewallk-5.0-fixed.bz2&can=2&q=

Platform: BackTrack 5+ Distro
Language: C
SHA1: 1cbbfee94befda4935dfa8f3ea3320142ef429da


For those of you who are new to Firewalk:

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out UDP or TCP packets with a TTL one greater than the targeted gateway.

If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow…

Site Update: Hacker Web Directory

The Hacker Web Directory has been updated with over 2133 distributed links (alternatively 2006 compact links).

http://yehg.net/hwd/

As usual, sites may come and go. If your favourite links haven't been included, feel free to post them here as comments.

Thanks for visiting.