Bugtraq mailing list archives
Vulnerabilities in W-Agora
From: "MustLive" <mustlive () websecurity com ua>
Date: Fri, 22 Oct 2010 23:43:30 +0300
Hello Bugtraq!I want to warn you about Cross-Site Scripting and Local File Inclusion vulnerabilities in W-Agora. In addition to vulnerabilities in this system which I found and disclosed in 2006 (SecurityVulns ID: 6960).
------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details: ---------- XSS (WASC-08): http://site/news/search.php3?bn=%3Cbody%20onload=alert(document.cookie)%3E Local File Inclusion (WASC-31):It's possible to include php-files (with extension php3 in version W-Agora 4.1.5 or with extension php in version 4.2.1).
In folder conf: http://site/news/search.php3?bn=1 In any folder (only on Windows-servers): http://site/news/search.php3?bn=..\1 In last versions of the system search.php3 has name search.php. ------------ Timeline: ------------ 2010.08.27 - announced at my site.2010.08.29 - informed developers. Developers of W-Agora didn't answer and didn't fix the holes (unlike in 2006).
2010.10.22 - disclosed at my site. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/4481/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Current thread:
- Vulnerabilities in W-Agora MustLive (Oct 25)