List: bugtraq
Subject: [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior
From: PersianHacker Team <pi3ch () yahoo ! com>
Date: 2005-03-29 13:15:12
Message-ID: 20050329131512.20517.qmail () www ! securityfocus ! com
[PersianHacker.NET 200503-11] Ublog reload 1.0.4 and prior Multiple Vulnerabilities
Date: 2005 03
Bug Number: 11
Ublog
Ublog reload is a complete ASP weblog system.
More info @:
http://www.uapplication.com
Discussion:
--------------------
What are the bugs?
1) Cross-Site Scripting that lets attackers inject HTML or script.
2) Default Database Name.
Description of the bugs
1)
Input passed to the "msg" parameter in "login.asp" isn't properly sanitised before
being returned to the user. Example:
2)
The problem is that the database file "mdb-database/ublogreload.mdb" is located
inside the web root, so attackers can download it and disclose the admin's user name
and password. Note: the admin's password is stored as a hash.
Exploit:
--------------------
http://www.example.com/login.asp?msg=<script>alert(XSS)</script>
http://www.example.com/mdb-database/ublogreload.mdb
Solution:
--------------------
Upgrade to Ublog reload version 1.0.5
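Added example (not part of the original advisory and not Ublog code): a local audit that walks a web root and reports the default database path named above, plus any other file carrying a Microsoft Access header regardless of its extension. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Access database files start with 00 01 00 00 followed by one of these names.
JET_MAGICS = (b"Standard Jet DB", b"Standard ACE DB")
DEFAULT_DB = "mdb-database/ublogreload.mdb"  # default path named in the advisory


def is_access_db(path):
    """True if the file carries a Jet/ACE header, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(19)
    except OSError:
        return False
    return head[:4] == b"\x00\x01\x00\x00" and head[4:19] in JET_MAGICS


def audit_web_root(web_root):
    """Return sorted (relative_path, reason) findings for databases under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            if rel.lower() == DEFAULT_DB:
                findings.append((rel, "default database path inside web root"))
            elif is_access_db(full):
                findings.append((rel, "Access database inside web root"))
    return sorted(findings)


def build_sample_root():
    """Constructed sample tree: one default-path database, one renamed copy."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "mdb-database"))
    os.makedirs(os.path.join(root, "backup"))
    header = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 32
    for rel in ("mdb-database/ublogreload.mdb", "backup/old.bak"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(header)
    with open(os.path.join(root, "login.asp"), "w") as fh:
        fh.write("<% ' constructed placeholder page %>")
    return root


if __name__ == "__main__":
    for rel, reason in audit_web_root(build_sample_root()):
        print(f"{rel}: {reason}")
```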
Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by 3nitro (3nitro [AT] persianhacker [DOT] net)
http://www.PersianHacker.NET
Special Thanks: Pi3cH
Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: 3nitro [AT] persianhacker [DOT] net
Note
--------------------
The script's authors were contacted about this bug.