search engines
SMF Shoutbox is a popular shoutbox mod for Simple Machines Forum.The content of a post variable used to hold the user shout is stored in the database and then displayed to the visitors without being properly filtered.So we can insert HTML or Javascript code in the database which is then displayed in the shoutbox (which is usually at the index page of the forum).
Note:the content of this variable is also stored in an html file (sbox.history.html)residing in the main folder where SMF is installed so it is possible to insert and then execute php code under some server configurations.
Vulnerable versions: 1.16b down to 1.14
Search Engines query: "powered by smf 1.1" "SMF Shoutbox"
Vuln code
-In sboxDB.php
- Elxis is powerful open source content management system (CMS)
released for free under the GNU/GPL license. It has unique
multi-lingual features, it follows W3C standards, it is secure,
flexible, easy to use, and modern. The development team, Elxis Team,
paid extra attention to the optimization of the CMS for the search
engines and this lead to high performance of all elxis powered web
sites and to high ranking in search engines results.
- Site: http://www.elxis.org/
*/
/*
# The servers provided by OpenDNS are fast, but they do not reply with
# NXDOMAIN for non-existant domains, instead they supply you with an
# address of one of their search engines. They also lie about the addresses of
# of the search engines of google, microsoft and yahoo.
# If you do not like this behaviour the "reject" option may be useful.
server {
label = "opendns";
ip = 208.67.222.222, 208.67.220.220;
I want to inform readers of the list about new project - Day of bugs in
WordPress 2 - which I'll conduct at 30.07.2010, which I already announced
today at my site.
After conducting of Month of Search Engines Bugs
(http://websecurity.com.ua/category/moseb/) in June 2007 and Month of Bugs
in Captchas (http://websecurity.com.ua/category/mobic/) in November 2007, I
switched to smaller and less time-consuming, but still very interesting
projects, which I called "Day of Bugs". Such as Day of bugs in WordPress in
December 2007, Day of bugs in Google Chrome (which was going for three days)
Version Affected: 3.2.4 (newest)
Info: The Google Analytics for WordPress plugin automatically tracks and
segments all outbound links from within posts, comment author links, links
within comments, blogroll links and downloads. It also allows you to track
AdSense clicks, add extra search engines, track image search queries and it
will even work together with Urchin.
Credits: InterN0T
External Links:
What is Exomind?
Exomind is an experimental Python console and programmatic framework for
building decorated graphs and developing open-source intelligence
modules and ideas, centered on social network services, search engines
and instant messaging.
Tool:
http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=view&type=tool&name=Exomind
to the Service Center website will result in loss of functionality.
b)review the security settings of each web page within
Service Center.
c)disallow indexing of the Service Center site by search
engines using IP restrictions, robots.txt files or other measures
For more info, see:
===================
many purposes whether you want to create blog, product catalog,
classifieds, events, jobs or many others. This software gives you
opportunity to create general categories and unlimited number of
subcategories, create static pages, upload images, rate and comment
listings. The Smart Catalog has SEO optimized URLs, RSS feeds and fast
indexed with major search engines.
Description
This PHP based catalog is vulnerable to SQL Injection on search form.
Injecting a quote mark will break the SQL query and even provide
sensitive database information that could help a malicious user to
http://ruder.cdut.net
Summary:
Baidu Soba is a popular browser toolbar which developed by Baidu, a Chinese web search engine company, like Google, more informations can be found at:
http://www.baidu.com
http://bar.baidu.com/sobar/promotion.html
There exists a remote code execute vulnerability in Baidu Soba's ActiveX Control "BaiduBar.dll". A remote attacker who successfully exploit these vulnerabilities can completely take control of the affected system.
market. Furthermore, it can be handled easily in the backend as well as
designed very individually in the frontend. Besides being accessible,
our main characteristics are the high individuality regarding the layout
and ease of operation. Go and convince yourself on our reference page.
With Papoo you can create your web page easier, better, more optimized
for search engines and accessible. See here the most important
advantages of CMS Papoo at a glance."
(from the vendor's homepage)
|
