Code Injection
Host: localhost
Cookie: cookie_login[login]=admin;cookie_login[active]=1;cookie_login[user_type]=administrator;cookie_login[password]=1;cookie_password=1
Connection: keep-alive
+--------------------+
| PHP Code Injection |
+--------------------+
The vulnerable code is located in /www/student.php
123. if (isset($_GET['course']) || isset($_GET['from_course'])) {
for small and medium sized enterprises looking for an inexpensive way to
effectively manage and develop their human resources."
Product link: http://www.orangehrm.com/
2. Vulnerability Information
Class: Cross site scripting, SQL injection, PHP code injection, Cross-site
request forgery
Impact: Session hijacking, unauthorized data access, privilege escalation,
user-assisted arbitrary command execution
Rating: Less critical
Remotely Exploitable: Yes
8.12.3 Non-Vulnerable packages
UTF-8b
8.13 PHP Code Injection for categories module
------------------------------------------------------------------------------------------------------------------------
Severity: Medium
Requires: Administrator level account
8.13.1 Proof of concept exploit
9. *References*
[1] http://www.sun.com/software/products/calendar_srvr/
[2] HTML Code Injection and Cross-Site Scripting
http://www.technicalinfo.net/papers/CSS.html.
[3] The Cross-Site Scripting FAQ (XSS)
http://www.cgisecurity.com/articles/xss-faq.shtml
[4] How to prevent Cross-Site Scripting Security Issues
http://support.microsoft.com/default.aspx?scid=KB;en-us;q252985
then save the shopping cart for the tables to be revealed by
browsing to: http://www.victim.com/cart_save.php
===============================================================
===============================================================
!risk 3 - Arbitrary Code Injection
High
Attackers can use this vulnerability to execute arbitrary code
on a legitimate user.
===============================================================
- Affected Components:
. SAP NetWeaver 2004 < SP21
. SAP NetWeaver 2004s < SP13
- Vulnerability Class: HTML Code Injection
- Remotely Exploitable: Yes
- Locally Exploitable: Yes
####################
Language: English
####################
------------------------------------------------------------
MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->
------------------------------------------------------------
SYSTEM INFORMATION:
-->WEB: http://www.tuenti.com/
</message>
###########################################################################
###########################################################################
=== [ HTML Code Injection ] ===
[»] add new message
<img src="">
Title: SOPHOS Email Security Appliance Cross Site Scripting Vulnerability
Advisory ID: INFIGO-2008-02-13
Date: 2008-02-13
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-02-13
Impact: Malicious JavaScript Code Injection
Risk Level: Medium
Vulnerability Type: Remote
Versions not affected: >= 2.4.3
========================================================================
========================================================================
Vulnerability: Remote PHP code injection and execution
========================================================================
Description
-----------
A remote PHP code injection and execution vulnerability has recently
10. *References*
[1]
http://www.sun.com/software/products/calendar_srvr/comms_express/index.xml
[2] HTML Code Injection and Cross-Site Scripting
http://www.technicalinfo.net/papers/CSS.html.
[3] The Cross-Site Scripting FAQ (XSS)
http://www.cgisecurity.com/articles/xss-faq.shtml
[4] How to prevent Cross-Site Scripting Security Issues
http://support.microsoft.com/default.aspx?scid=KB;en-us;q252985
-------------------------------------------------------------------------
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection
-------------------------------------------------------------------------
author...........: Egidio Romano aka EgiX
mail.............: n0b0d13s[at]gmail[dot]com
software link....: http://info.tiki.org/
[-] Vulnerability explanation:
--------------------------------------------------
Title:
======
SonicWall web admin interface multiple code injection vulnerabilities
Date:
=====
2011-09-29
--------------------------------------------------------------------
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
--------------------------------------------------------------------
author...............: EgiX
mail.................: n0b0d13s[at]gmail[dot]com
software link........: http://www.boonex.com/dolphin
affected versions....: from 7.0.0 to 7.0.7
-----------------------------------------------------------------
(PT-2011-02) Positive Technologies Security Advisory
PHP code Injection in Kayako Support Suite
-----------------------------------------------------------------
---[ Vulnerable software ]
Kayako Support Suite
Version: 3.70.02-stable and earlier
'=.|w|.='
_='`"``=.
presents..
Yoono Firefox Extension Code Injection Vulnerability
Versions affected: < 6.1.1
+-----------+
|Description|
Cross site scripting was possible through a number of pages which
allowed an attacker to steal sensitive session data.
CVE-2009-1579
Code injection was possible when SquirrelMail was configured to
use the map_yp_alias function to authenticate users. This is not
the default.
CVE-2009-1580
Class: Input Validation Error
Risk: Low
Remote: Yes
Oracle has just released CPU July 2008 critical patch that fixes a flaw
which allows code injection by malicious web users into the web pages
viewed by other users.
The security issue was found in the POPUP_NAME parameter of the
PORTAL.WWPOB_HOME_PAGE web page of Oracle Portal.
PoC for static code injection vulnerability in setup.php in phpMyAdmin.
http://www.milw0rm.com/exploits/8921
Best Regards
-Rajesh Kumar
manner [0].
4. *Vulnerability Description*
SQL injection is a code injection technique that exploits a security
vulnerability occurring in the database layer of an application. The
vulnerability is present when user input is either incorrectly filtered for
string literal escape characters embedded in SQL statements or user input
is not strongly typed and thereby unexpectedly executed.
Multiple cross-site scripting (XSS) vulnerabilities in the export page
(display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x
before 3.1.3.1 allow remote attackers to inject arbitrary web script
or HTML via the pma_db_filename_template cookie (CVE-2009-1150).
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x
before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to
inject arbitrary PHP code into a configuration file via the save action
(CVE-2009-1151).
This update provides phpMyAdmin 2.11.9.5, which is not vulnerable to
ZDI-11-037: Symantec IM Manager Administrative Interface IMAdminSchedTask.asp Eval Code Injection Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-037
January 31, 2011
-- CVE ID:
CVE-2010-3719
-- CVSS:
Keynote Presentation November 4: Mitsugu Okatani, National Information Security Center / Ministry of Defense / Japan Air Self-Defense Force
Keynote Presentation November 5: Hideaki Kobayashi, Information Technology Promotion Agency
Virtualisation security and the Intel privilege model - Tavis Ormandy & Julien Tinnes, Google
Silicon Chips: No More Secrets - Karsten Nohl
Filter Resistant Code Injection on ARM - Yves Younan, University of Leuven
iPhone SMS Fuzzing and Exploitation - Charlie Miller, Independent Security Evaluators
The Microsoft View of the 2008 Threat Landscape - Tony Lee, Microsoft
Cloud Defense in the Post-BotWar Era - Ikuo Takahashi
The Android Security Story: Challenges and Solutions for Secure Open Systems - Rich Cannings & Alex Stamos, Google, iSec Partners
Stealthy Rootkit : How malware fools live memory forensics - Tsukasa Ooi, Livegrid
rely on cookies for session management. The AirKiosk system does not
use cookies at all, and we discourage their use generally.
STATUS:
formlib.pl has been patched where applicable and possible code injection
is no longer possible.
Raymond Pete
* Map Server (like Google Maps)
* Link Directory (like DMOZ)
* Translation and i18n (like Babel Fish)"
TikiWiki 1.9.8.1 fixes a broken white-list check (CVE-2007-5423)
that is supposed to protect against arbitrary PHP code injection
in a call to create_function(). When we analysed the bugfix we
discovered that while the reported bug in the white-list check
is now repaired, it is still possible to execute arbitrary PHP
code by only using the strings allowed in the white-list.
"by bitweaver" Version powered +boards
"You are running bitweaver in TEST mode"|"bitweaver * White Screen of Death"
Versions tested: 2.6.0, 2.0.2
Vulnerability type: folder creation, file creation, file overwrite, PHP code injection.
Explanation:
look at /boards/boards_rss.php, line 102:
...
echo $rss->saveFeed( $rss_version_name, $cacheFile );
admin/moderator is already logged in; if the admin/moderator is not,
they will be required to log in. However, if an admin logs into the
MCP, he is also logged into the ACP, allowing the same exploit as last
time (remote PHP code injection via the hooks system). If you
Base64-encode your attack vector using the data: URI scheme, the XSS
survives the login request and activates after the admin/moderator is
logged in. A simple example of the above:
Articles
--------
MOPS Submission 07: Our Dynamic PHP – Obvious and not so obvious PHP
code injection and evaluation
http://php-security.org/2010/05/20/mops-submission-07-our-dynamic-php/
MOPS Submission 06: Variable Initialization in PHP
http://php-security.org/2010/05/17/mops-submission-06-variable-initialization-in-php/
vulnerability. (CVE-2011-2505).
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2
and 3.4.x before 3.4.3.1 does not properly restrict the presence of
comment closing delimiters, which allows remote attackers to conduct
static code injection attacks by leveraging the ability to modify
the SESSION superglobal array (CVE-2011-2506).
libraries/server_synchronize.lib.php in the Synchronize implementation
in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not
properly quote regular expressions, which allows remote authenticated
Possible session manipulation in Swekey authentication.
CVE-2011-2506
Possible code injection in setup script, in case session
variables are compromised.
CVE-2011-2507
Regular expression quoting issue in Synchronize code.