The Solaris version of CiscoWorks Common Services is not affected by
this vulnerability.
The TFTP service is enabled by default. To verify that the TFTP service
is running connect to the CiscoWorks interface and choose "Start >
Settings > Control Panel > Administrative Tools > Services" to access
the "Services" window. The name of the service is "CWCS tftp service".
Note: Administrators can also issue the "tasklist /svc" Microsoft Windows
command to list the services that are running on the system.
==========================================================
Starsgames Control Panel <= 4.6.2 Remote XSS Vulnerability
==========================================================
AUTHOR : CWH Underground
DATE : 19 May 2008
SITE : www.citec.us
Removing WebEx Meeting Manager
+-----------------------------
It is possible to remove the WebEx Meeting Manager component from
Microsoft Windows by using the Add or Remove Programs utility in the
Windows Control Panel:
1. In Windows, choose Start > Control Panel.
2. Double-click Add or Remove Programs.
3. Double-click WebEx.
4. In the pop-up menu, check the Meeting Manager box and click
1.2. Absolute News Manager XE: Absolute News Manager is a powerful web site news and article content management system.
1.3. Absolute Banner Manager XE: Absolute Banner Manager is the most complete, robust and easy to use web based banner management and ad tracking software.
1.4. Absolute Form Processor XE: The Absolute Form Processor is a powerful tool for processing your web based HTML forms. You don’t have to waste time developing server code, validation rules, form mailers or auto responders for your web forms, this application does all this for you.
1.5. Absolute Image Gallery XE: The complete and powerful media gallery software that makes creating and maintaining images and multimedia galleries a snap. The code resides on your web server and searches your web site for new images and files to add to your gallery.
1.6. Absolute Poll Manager XE: Absolute Poll Manager is a complete and easy-to-use survey software for dynamically adding polls and surveys to your site while creating interest among your site visitors and gathering valuable information about what they think.
1.7. Absolute Control Panel XE: Absolute Control Panel is a web based interfacing system specially designed to provide centralized access to your web based applications and Xigla application modules. It has been developed as a practical access point to our web based suite of solutions on your web sites.
####################
2. Vulnerabilities:
####################
A photo gallery for e107, powered by Highslide JS script, with random
gallery menu and navigation menu.
+ User interface for uploads images
+ Pre-moderation users download
+ Control Panel, can edit the name and description, delete and move
+ New comment system, it is now the most opulent gallery
+ New Front page
+ Added BBcode and a button
Vulnerability:
================================================================================================================
1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package) - Cross-Site Scripting Vulnerability
================================================================================================================
Software: 1024cms Admin Control Panel v1.1.0 Beta (complete-modules package)
Vendor: http://1024cms.org/
Vuln Type: Cross-Site Scripting
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
Invision Power Board (IPB) is a professional forum system that has been built
from the ground up with speed and security in mind, taking advantage of object
oriented code, highly-optimized SQL queries, and the fast PHP engine. A
comprehensive administration control panel is included to help you keep your
board running smoothly. Moderators will also enjoy the full range of options
available to them via built-in tools and moderators control panel.
Members
http://www.target.com/[path]/sites/index.php?cid=-1%20union%20select%201,2,3,sesskey,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5%20from%20sessions--
Dork:
~~~~
Google : "Hivemaker" or "Hivemaker(TM) Control Panel Login"
Altavista : "Hivemaker(TM) Control Panel Login"
Solution:
~~~~~~
=============================================================================================================
1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package) - Local File Include Vulnerability
=============================================================================================================
Software: 1024cms Admin Control Panel v1.1.0 Beta (complete-modules package)
Vendor: http://1024cms.org/
Vuln Type: Local File Include
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
-----------
Block the ActiveX plugin from "Husdawg, LLC" and don't run it.
Remove the Certificate of the Java applet from "Husdawg, LLC" from
Control Panel / Java / Security / Certificates / Trusted Certificates
and don't allow the applet to run.
Patch:
------
============================================================================================================
1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package) - Cross-Site Scripting Vulnerability
============================================================================================================
Software: 1024cms Admin Control Panel v1.1.0 Beta (master-cpanel package)
Vendor: http://1024cms.org/
Vuln Type: Cross-Site Scripting
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
Symptoms of successful attack
One or more of the following:
*Control panel lights are blinking, no response to pushing buttons
*LCD panel displays error message
*LCD panel displays a halted progress bar
*Switching power off from on/off button takes more than 10 seconds
Proof of Concept:
[HSC] InterWorx-CP Multiple HTML Injection Vulnerabilities
The InterWorx Hosting Control Panel (InterWorx-CP) is a dedicated
server control panel. InterWorx suffers from multiple HTML injection
vulnerabilities. JavaScript and Cross site scripting are just a few found
vulns, more sophisticated attacks such as remote file inclusion or even
SQL injection may be possible. An attacker could exploit this vulnerability
to have arbitrary script code execute in the context of the affected site.
This may allow an attacker to steal cookie-based authentication credentials
and to launch other attacks.
> my emails. According to other D-Link security holes and their status I
> think that they won't reply, so I decided to write about it here.
>
> [Technical details]
>
> Control panel script - tools_admin.php allows attacker to change
> administrator name, password and other variables without any
> authorization by sending specially crafted http post request such as:
>
> ---cut here---
> POST http://192.168.1.1:80/tools_admin.php HTTP/1.1
==========================================================================================================
1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package) - Local File Include Vulnerability
==========================================================================================================
Software: 1024cms Admin Control Panel v1.1.0 Beta (master-cpanel package)
Vendor: http://1024cms.org/
Vuln Type: Local File Include
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
=============================================================================================================
1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package) - Directory Traversal Vulnerability
=============================================================================================================
Software: 1024cms Admin Control Panel v1.1.0 Beta (complete-modules package)
Vendor: http://1024cms.org/
Vuln Type: Directory Traversal
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
# Name : aliboard Beta Upload Shell From ControlPanel
# Download From : http://www.alilg.com/software/free-opensource-bulletin-board/
# Found By : RoMaNcYxHaCkEr [RoMaNTiC-TeaM]
# Home Page : WwW.4RxH.CoM
# Google Dork : Powered by aliboard © 2006, 2007 alilg web-based software
my emails. According to other D-Link security holes and their status I
think that they won't reply, so I decided to write about it here.
[Technical details]
Control panel script - tools_admin.php allows attacker to change
administrator name, password and other variables without any
authorization by sending specially crafted http post request such as:
---cut here---
POST http://192.168.1.1:80/tools_admin.php HTTP/1.1
IV - ADMIN SESSION HIJACKING
When an administrator logs in and goes to the Admin Control
Panel (ACP), a session id is generated. Cookies can be
deleted, we just need the SID to be logged in the ACP.
The SID is sent for each request (variable "adsess"),
through the GET method.
When an Admin wants to edit a member signature, if he clicks
=======================================================================
Discussion
The XSS in question exists on the login page for the MCP (moderation
control panel).
The login script takes a redirect parameter that lacks sanitation, allowing a
rather easy XSS:
http://localhost/vB3/modcp/index.php?redirect={XSS}
| Asterisk Open | 1.4.10, available from |
| Source | http://downloads.digium.com/pub/telephony/asterisk |
|---------------+--------------------------------------------------------|
| AsteriskNOW | Beta7, available from http://www.asterisknow.org/. |
| | Beta5 and Beta6 users can update using the system |
| | update feature in the appliance control panel. |
|---------------+--------------------------------------------------------|
| Asterisk | 0.7.0, available from |
| Appliance | http://downloads.digium.com/pub/telephony/aadk |
| Developer Kit | |
|---------------+--------------------------------------------------------|
VaLiuS has reported a vulnerability in Ragnarok Online Control Panel,
which can be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to an error in the authentication
process when checking page access. This can be exploited to bypass
the authentication process via a specially crafted URL with an
appended non-restricted page.
The /.../ refers to directory crawling
In the above topic they try to pass off the XSS as difficult to exploit,
with low exposure and damage. This advisory is here to detail what the
XSS is and how wrong Jelsoft are for assuming that XSS is harmless.
First, the discussion of exactly what the exploit is. The XSS in question
exists on the login page for the ACP (admin control panel). The login
script takes a redirect parameter that lacks sanitation, allowing a
rather easy XSS:
http://localhost/vB3/admincp/index.php?redirect={XSS}
print " 1 - PHP code execution\n\n";
print " -url IPB url with ending slash\n\n";
print " -uname targeted username\n";
print " -uid OR the targeted user id (def: 1)\n\n";
print " -prefix sql table prefix (def: ibf_)\n";
print " -acp admin control panel path (def: admin)\n\n\n";
print " 2 - Insecure SQL password usage\n\n";
print " -ip your current IP\n";
print " -dict a wordlist file\n\n";
print " -url IPB url with ending slash\n";
print " -uname a valid member username\n";
"explorer.exe hcp://CN=Microsoft%20Corporation,L=Re...". You can continue
to use this technique by substituting "explorer.exe hcp://..." for
"helpctr.exe /url hcp://...", without relying on the protocol handler.
* One or two links in explorer, such as selecting "Help" from the Control
Panel category view, may no longer function. If this concerns you, it is
possible to gracefully degrade by replacing the protocol handler with a
command to open a static intranet support page, e.g.
"chrome.exe http://techsupport.intranet".
* As always, if you do not use this feature, consider permanently disabling
HOW TO USE THIS VULN?
ANSWER IS BELOW>>>>>>>
1. REG WITH VICTIM FORUM
2. GO TO USER CONTROL PANEL
3. EDIT YOUR SIGNATURE BY THIS CODE
<html>
<head>
=======================================================================
Discussion
The XSS in question exists on the log viewing page of the admin control panel.
When a missing page is requested, a log is created in the admin area, however
the inputs to this log lack sanitation. The script name is taken from
basename(PHP_SELF), while the action is taken from _REQUEST['do']. Either one
can be used for introducing XSS vectors.
-:: Solution ::-
A patch is available from http://members.vbulletin.com
Alternatively, search for "database_ingo" in the Phrase Manager within the
Admin Control Panel, and delete or edit all critical details.
Disclosure Information:
- vBulletin Security Notice & Patch: 22nd July 2010
- Vulnerability Researched and Disclosed: 22nd July
services protected by plesk authentication modules on at least the
current Plesk 8.6.0 Unix/Linux and could eg. be used for relaying spam
through gained smtp auth privileges.
Only systems which allow short mail login names (SHORTNAMES=1) are
affected, which is not the default but is eg. effective after migrating
from Confixx control panel or by administrators manual choice.
My current advice is to disable short login names through control panel
under Server -> E-Mail until the issue is resolved.