main page
Author : Yollubunlar.Org
Original Article : http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html
Main Page: http://yollubunlar.org/category/web-security
Script : http://www.aspdepo.org/tr/indir2.asp?id=587
Exploit
The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is
vulnerable to numeric based blind SQL injection.
Example:
http://[victim]/page.asp?id=1 <-- main page
http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false)
http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true)
XSS in the 'url' parameter of 'login.asp':
Cisco Unified Presence versions prior to 6.0(3) are affected by the
vulnerabilities described in this advisory.
Administrators of systems running all Cisco Unified Presence versions
can determine the software version by viewing the main page of the Cisco
Unified Presence Administration interface. The software version can be
determined by running the command show version active via the Command
Line Interface (CLI).
Products Confirmed Not Vulnerable
Cisco Unified CallManager and selecting the Details button via the
Cisco Unified Communications Manager Administration interface.
Administrators of systems that are running Cisco Unified
Communications Manager versions 5.x and 6.x can determine the
software version by viewing the main page of the Cisco Unified
Communications Manager Administration interface. The software version
can also be determined by running the command show version active via
the command line interface.
In Cisco Unified CallManager version 4.x, the use of SIP as a call
Name: T64KIT1001540-V51BB26-ES-20080916.tar
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001540-V51BB26-ES-20080916
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Version:1 (rev.1) - 5 November 2008 Initial release
* Cisco Unified Presence 1.x versions
* Cisco Unified Presence 6.x versions prior to 6.0(6)
* Cisco Unified Presence 7.x versions prior to 7.0(4)
Administrators of systems running Cisco Unified Presence can
determine the software version by viewing the main page of the Cisco
Unified Presence Administration interface. The software version can
be determined by running the command "show version active" via the
Command Line Interface (CLI).
Products Confirmed Not Vulnerable
* Cisco Unified Communications Manager 7.1.x versions prior to 7.1(2)
Cisco Unified CallManager versions 4.x are not affected by this
vulnerability. Administrators of systems that are running Cisco
Unified Communications Manager versions 5.x, 6.x and 7.x can
determine the software version by viewing the main page of the Cisco
Unified Communications Manager Administration interface. The software
version can also be determined by running the "show version active"
command via the command-line interface.
A SIP trunk must be configured for the Cisco Unified CallManager
> http://www.knowledgetree.org/Security_advisory:_URL_Manipulation
>
>
> Disclaimer: Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on the web page in Reference field.
Main page says: "KnowledgeTree Community Edition is unsupported, untested software and not designed for production use. KnowledgeTree Inc. does not warrant this software in any way." and latest version is 3.7, which is released December 2009. Could you give me the URL where they responded to your contact and fixed this vulnerability?
Even their https://issues.knowledgetree.com/ says "Your KnowledgeTree account has been suspended."
If one does fill their form and download this they are still serving 3.7 version. In download-page there is also link http://www.scribd.com/doc/23362922/What%E2%80%99s-New-in-KnowledgeTree-3-7 to "What's new"-page, which is only about Commercial Edition.
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
Administrators of systems that are running Cisco Unified
Communications Manager versions 5.x and 6.x can determine the
software version by viewing the main page of the Cisco Unified
Communications Manager Administration interface. The software version
can also be determined by running the command show version active by
way of the command line interface (CLI).
Products Confirmed Not Vulnerable
On the website you can see :
"We were recently informed of a very nasty exploit that, as far as we can see, affects almost all e107 0.7 releases. Everyone running e107 needs to get their sites updated as soon as possible. If you are a site owner and you are unable to upgrade for some reason (too much hacked core code), please contact me directly and I can help you with a quick-fix. ..."
and you can also see that the website was modified ... ( script and a lot of links before the <html> ... )
and some other stuff on the main page doesn't seem very good .. so if you know how to contact them ... please do it :)
Note: Cisco Unified Presence version 8.0(1) shipped with software
fixes for all the vulnerabilities described in this advisory.
Administrators of systems running Cisco Unified Presence can
determine the software version by viewing the main page of the Cisco
Unified Presence Administration interface. The software version can
be determined by running the command "show version active" using the
command line interface (CLI).
Products Confirmed Not Vulnerable
Name: POSTGRESQL_8.2.6-ES-20080320.tar.gz
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=POSTGRESQL_8.2.6-ES-20080320
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
82a2-c576-709b-6285-39cd-ad62-ae03-92f8
SHA1:
dd0a-f116-219f-3707-6c5a-d7c2-4196-284c-fa51-2375
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
None
HISTORY
* Cisco Unified Communications Manager 7.x
* Cisco Unified Communications Manager 8.x
Administrators of systems that are running Cisco Unified
Communications Manager versions 6.x, 7.x and 8.x can determine the
software version by viewing the main page of the Cisco Unified
Communications Manager Administration interface. The software version
can also be determined by running the show version active command via
the command-line interface.
Products Confirmed Not Vulnerable
Check "Run a command before backup is started";
Fill the white field with the desired command, ex. cmd /c start calc ;
Fill the credentials fields with the gained username and password
(you can use the same you had before);
Select an existing backup destination in the Protection Settings tab;
Browse to the main page and click "Backup Now";
Select Incremental Backup and press OK;
calc.exe is launched various times.
Other attacks are possible.
CA has issued the following patch to address the vulnerabilities.
CA Host-Based Intrusion Prevention System (CA HIPS) r8: QO91494
How to determine if you are affected:
1. Log in to the HIPS Administration Console.
2. Scroll down to the end of the Main page.
3. Press the "About" link on the right bottom side of the page.
4. Check the version. If the version is less than 8.0.0.93, the
installation is vulnerable.
Workaround: None
To get the correct username, we can take advantage of other mentioned
characteristics of Internet Explorer. As the browser is able to make SMB
requests against a webserver, if we include inside the main page (the
one which sets the cookies) some references to non-existent resources in
the example.com site, the client will attempt to establish an SMB
connection against it, from where the username (among other useful data,
such as the ciphered challenge/response) can be extracted. With this, we
can dynamically create a custom redirectToCookie file with the correct
button via the Cisco Unified Communications Manager Administration
interface.
Administrators of systems that are running Cisco Unified
Communications Manager versions 5.x and 6.x can determine the
software version by viewing the main page of the Cisco Unified
Communications Manager Administration interface. The software version
can also be determined by running the command show version active via
the command line interface (CLI).
Products Confirmed Not Vulnerable
Author : Yollubunlar.Org
Original Article: http://yollubunlar.org/phpmyquote-020-version-multiple-sql-and-xss-vulnerabilities-3501.html
MainPage: http://yollubunlar.org/category/web-security
mail : yollubunlar@yollubunlar.org
Exploit Sql : http://site.com/script_path/index.php?action=edit&id=[Sql injection]
Name: T64KIT1001399-V51BB26-ES-20071207
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001399-V51BB26-ES-20071207
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Version:1 (rev.1) - 19 December 2007 Initial release
PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26) or HP Tru64 UNIX v5.1B-3 PK5 (BL26)
NOTE: Use the Perl patch kit appropriate to the operating system version
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Version:1 (rev.1) - 19 February 2008 Initial release
Name: SWS-681.tar.gz
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=SWS-681
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Name: T64KIT1001467-V51BB26-ES-20080314
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001467-V51BB26-ES-20080314
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Cisco Unified Presence versions prior to 6.0(3) are affected by the
vulnerabilities described in this advisory.
Administrators of systems running all Cisco Unified Presence versions
can determine the software version by viewing the main page of the
Cisco Unified Presence Administration interface. The software version
can be determined by running the command show version active via the
Command Line Interface (CLI).
Products Confirmed Not Vulnerable
Manager (CUCM) version 4.x can determine the software version by
navigating to Help > About Cisco Unified CallManager and selecting
the Details button via the CUCM administration interface.
Administrators of systems that are running CUCM versions 5.x and 6.x
can determine the software version by viewing the main page of the
CUCM administration interface. The software version can also be
determined by running the command show version active via the command
line interface (CLI).
Products Confirmed Not Vulnerable
>> Apply Vendor patch:
>> http://www.knowledgetree.org/Security_advisory:_URL_Manipulation
>>
>>
>> Disclaimer: Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on the web page in Reference field.
> Main page says: "KnowledgeTree Community Edition is unsupported, untested software and not designed for production use. KnowledgeTree Inc. does not warrant this software in any way." and latest version is 3.7, which is released December 2009. Could you give me the URL where they responded to your contact and fixed this vulnerability?
>
> Even their https://issues.knowledgetree.com/ says "Your KnowledgeTree account has been suspended."
>
> If one does fill their form and download this they are still serving 3.7 version. In download-page there is also link http://www.scribd.com/doc/23362922/What%E2%80%99s-New-in-KnowledgeTree-3-7 to "What's new"-page, which is only about Commercial Edition.
>
CallManager and selecting the Details button via the Cisco Unified
Communications Manager administration interface.
Administrators of systems that are running Cisco Unified
Communications Manager software versions 5.x, 6.x, and 7.x can
determine the software version by viewing the main page of the Cisco
Unified Communications Manager administration interface. The software
version can also be determined by running the command show version
active via the command line interface (CLI).
Products Confirmed Not Vulnerable
Name: T64KIT1001522-V51BB26-ES-20080808
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001522-V51BB26-ES-20080808
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
None
HISTORY
8.2. *Obtaining the right USERNAME*
To get the right username, we can take advantage of some other
idiosyncrasies of Internet Explorer. If it is possible to make outbound
SMB requests to an untrusted web server we can leverage that to include
inside the main page some references to inexistent resources in our
server. The client will attempt to establish a SMB connection against it
from where the 'USERNAME' could be obtained as well as some other useful
data such as the 'COMPUTERNAME' or the ciphered challenge/response.
Our proof of concept contemplates 2 possibilities: