
List:       bugtraq
Subject:    [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior
From:       PersianHacker Team <pi3ch () yahoo ! com>
Date:       2005-03-29 13:15:12
Message-ID: 20050329131512.20517.qmail () www ! securityfocus ! com



[PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior Multiple Vulnerabilities
Date: 2005 03
Bug Number: 11

Ublog
Ublog reload is a complete ASP weblog system.
More info @:
http://www.uapplication.com


Discussion:
--------------------
What are the bugs?
1) Cross-Site Scripting that lets attackers inject HTML or script.
2) Default Database Name.

Description of the bugs
1)
Input passed to the "msg" parameter in "login.asp" isn't properly sanitised before being returned to the user. Example :
2)
The problem is that the database file "mdb-database/ublogreload.mdb" is located inside the web root, so attackers can download it and disclose the admin's username and password. Note: the admin's password is stored in hashed form.

Exploit:
--------------------
http://www.example.com/login.asp?msg=<script>alert(XSS)</script>
http://www.example.com/mdb-database/ublogreload.mdb


Solution:
--------------------
Upgrade to Ublog reload version 1.0.5


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by 3nitro (3nitro [AT] persianhacker [DOT] net)
http://www.PersianHacker.NET

Special Thanks: Pi3cH


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: 3nitro [AT] persianhacker [DOT] net


Note
--------------------
The script's authors were contacted about this bug.
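
Added example, not part of the original advisory: a log check a defender could run to see whether either issue described above has been exercised against a site. It assumes IIS W3C extended logs with the fields named in the `#Fields` line; the log lines are constructed samples, and the repeated percent-decoding goes beyond the single case the advisory shows.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed IIS W3C extended log lines (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-03-29 13:20:01 192.0.2.10 GET /login.asp msg=Invalid+password 200
2005-03-29 13:20:05 192.0.2.44 GET /login.asp msg=%3Cscript%3Ealert(1)%3C/script%3E 200
2005-03-29 13:20:09 192.0.2.44 GET /login.asp msg=%253Cimg%2520src%253Dx%253E 200
2005-03-29 13:21:30 192.0.2.77 GET /mdb-database/ublogreload.mdb - 200
2005-03-29 13:21:41 192.0.2.78 GET /MDB-Database/UblogReload.MDB - 404
"""

# Characters that have no place in a plain status message echoed by login.asp.
MARKUP = re.compile(r'[<>"]')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is still seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return (line_no, client_ip, finding) for both issues in the advisory."""
    findings, fields = [], []
    for no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        stem = rec.get("cs-uri-stem", "").lower()   # IIS paths are case-insensitive
        query = rec.get("cs-uri-query", "-")
        if stem.endswith("/login.asp") and query != "-":
            for raw in parse_qs(query, keep_blank_values=True).get("msg", []):
                if MARKUP.search(fully_decode(raw)):
                    findings.append((no, rec["c-ip"], "markup in msg parameter"))
        if stem.endswith(".mdb"):
            served = rec.get("sc-status") == "200"
            what = "database file served" if served else "database file probed"
            findings.append((no, rec["c-ip"], what))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "database file served" hit means the .mdb was actually returned to the client, so the stored admin hash should be treated as disclosed.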

