usernames
Exploit (1)
Log into bytehoard using a non privileged user.
Perform any desired actions, then log out.
Click on the "Lost Details" link.
Input the desired username you want to have access to ("admin" to get
administrator access) and submit the data.
The system will either return an error message or a "mail sent" message.
Ignore the last message and go directly to the index.php page (easily
obtained by erasing the "?page=passreset" part)
You should have access to the desired account.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2.6- If you see "Error: 70500170 : User already exists in either OS or Database.", it means that everything is OK and your permission has already been set.
2.7- Now you have a full access to "[HCPATH]\Forum\DB".
Note: You can do that with "[HCPATH]\phpBB\phpBB\db" too because there is "db" directory too.
2.8- So you can upload your command executer there, but you need a file uploader at first on "testuser.com" to upload your command executer on "[HCPATH]\Forum\DB".
2.9- If your permission has not been set correctly, it's always because of a limitation on making a new user. So you must log in with the username's reseller and make a new plan with permission to make some new user accounts, then sell it to your username. Also, you can increase your credit amount (part 6) and buy a plan with a lot of web accounts, then select it and do these operations from the beginning. (Note: This vulnerability works properly and there is no exception like the others!)
\\\\\\\\\\\\\\\\\\\\\
/////////////////////
3- [Remote Attacker] can make a new user.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
PR07-31: Unauthenticated SQL Injection, XSS and Username Enumeration on
DPSnet Case Progress
Vulnerabilities Found: 23 May 2007
Vendor Contacted: 10 July 2007, 31 August 2007, 17 September 2007, 12
December 2007
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users
Description:
BEA Plumtree portal 6.0 is vulnerable to username leakage through the search facility.
By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP request. Wildcards are allowed in searches, which means that substrings can be used in order to target specific username types such as admin usernames and test usernames.
Note: this username enumeration weakness _doesn't_ require attackers to perform dictionary or bruteforce attacks in order to obtain usernames.
2. Reboot to activate the new settings by using the following command:
shell# reboot
Changing the Management Console Username and Password
+----------------------------------------------------
Complete these steps:
1. Open the following file in a text editor:
During a penetration test, RedTeam Pentesting discovered that the emails
sent by the IceWarp WebMail Server when using the "Forgot Password"
function are generated on the client side. Furthermore, the server
expands certain keywords in these emails to users' full names, usernames
and passwords. This allows for advanced social engineering attacks and
the potential disclosure of usernames and passwords.
Details
=======
#
#-------
#NEED:
#-------
#
#**valid username
#
#**real captcha code/img
#
#**maybe PHPSESSID (with securimage captcha plugin)
#
The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine contain multiple vulnerabilities that, if
exploited, could result in any of the following impacts:
* Administrative level access via default user names and passwords
* Privilege escalation
* A denial of service (DoS) condition
Cisco has released free software updates available for affected
customers. Workarounds that mitigate some of the vulnerabilities are
>> http://www.semicomplete.com/projects/pam_captcha/
>>
>> A site with a screen shot:
>> http://www.michaelboman.org/how-to/securing-ssh-access-with-pam-captcha
>>
>> I found a security problem with the pam_captcha. If you enter a username
>> that is not a valid user followed by the correct CAPTCHA, you do not get
>> prompted for a password. You simply get prompted for another CAPTCHA.
>> However, if you enter a username that is a valid user followed by the
>> correct CAPTCHA, you will get prompted for a password. This means an
>> attacker, or a script/bot could easily harvest a list of valid usernames
function WS_authenticate()
{
global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
$uid = '';
$username = '';
$password = '';
$status = -1;
if (isset($_SERVER['PHP_AUTH_USER'])) {
. Use a different web browser to navigate untrusted web sites.
Additionally, although disabling file sharing if it is not necessary and
filtering outbound SMB connections at the endpoint or network perimeter
may not prevent exploitation it is generally a good security measure to
prevent disclosure of sensitive information such as valid usernames of
endpoint users.
Microsoft has issued a patch to fix the vulnerability and a detailed
description of how to implement the workarounds on IE. It is available
as Security Bulletin http://go.microsoft.com/fwlink/?LinkID=150860.
#!/usr/bin/perl
#
#------------------------------------------------------------------------
#(Post Form var 'username') BLIND SQLi exploit --S-CMS <= v-2.0 Beta3-->
#------------------------------------------------------------------------
#
#CMS INFORMATION:
#
#-->WEB: http://www.matteoiammarrone.com/public/s-cms/
#-->DOWNLOAD: http://www.matteoiammarrone.com/public/s-cms/
-----------------------------------------------------------------------
Talsoft S.R.L. Security Advisory
WordPress User IDs and User Names Disclosure
-----------------------------------------------------------------------
I. Advisory information
Title: WordPress User IDs and User Names Disclosure
Advisory Id: TALSOFT-2011-0526
Advisory URL: http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
Date published: 2011-05-26
Wordpress 2.5
Overview:
An attacker, who is able to register a specially crafted username on
a Wordpress 2.5 installation, is able to generate authentication
cookies for other chosen accounts.
This vulnerability exists because it is possible to modify
authentication cookies without invalidating the cryptographic
- ------------------
The TANDBERG Video Communication Server is a Linux-based appliance which
supports the interoperation of a plethora of video and voice communications
devices. The VCS provides a web-based management interface implemented in PHP
which allows administrators to perform a wide variety of actions, including
configuration of the device, management of user accounts, firmware updates,
along with a number of other items.
Vulnerability Details
- ---------------------
230 User %') and 1=2 union select
1,0x24312452565a583533784324716a304d4d6b4670426b4b486177644264756634392f,uid,gid,homedir,shell
from ftp # logged in
SQL log output:
query "SELECT username, password, uid, gid, homedir, shell FROM ftp
WHERE (username='{UNKNOWN TAG}') and 1=2 union select
1,0x24312452565a583533784324716a304d4d6b4670426b4b486177644264756634392f,uid,gid,homedir,shell
from ftp #') LIMIT 1"
> Hi,
Details:
If you could log on the server successfully, take the following steps and the ftp server will stop responding:
first socket connection:
1.sock.connect((hostname, 21))
2.sock.send("user %s\r\n" %username)
3.sock.send("pass %s\r\n" %passwd)
4.sock.send("PORT 127,0,0,1,122,107\r\n")
5.sock.send("APPE "+ test_string +"\r\n")
6.sock.close()
On 12/08/08 23:59, Jan Minář wrote:
> Vim: Netrw: FTP User Name and Password Disclosure
>
> 1. SUMMARY
>
> Product : Vim -- Vi IMproved
> Versions : Tested with Vim 7.1.266, 7.2, autoload/netrw.vim v131, v109
> Impact : Credentials disclosure
> Wherefrom: Remote
> Original : http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
Hi,
On Tue, 2009-02-10 at 19:49 +0000, gat3way@gat3way.eu wrote:
> Just found out a problem with proftpd's sql authentication. The problem is easily reproducible if you login with username like:
Could you please provide the version number which is affected by this?
Running ProFTPD Version: 1.3.0 (stable) on Linux (Debian etch) I cannot
reproduce your report.
> USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --
>
# Location : Indonesia | http://newhack.org
# Explanation :
#
# Bug in file "user.php" in directory "/content"
#---//---
# 59. if (!$nama || preg_match("/[^a-zA-Z0-9_-]/", $nama)) $error .= "Karakter Username tidak diizinkan kecuali a-z,A-Z,0-9,-, dan _<br />";
# 60. if (strlen($nama) > 10) $error .= "Username Terlalu Panjang Maksimal 10 Karakter<br />";
# 61. if (strrpos($nama, " ") > 0) $error .= "Username Tidak Boleh Menggunakan Spasi";
# 62. if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT user FROM useraura WHERE user='$nama'")) > 0) $error .= "Error: Username ".$nama." sudah terdaftar , silahkan ulangi.<br />";
# 63. if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT user FROM temp_useraura WHERE user='$nama'")) > 0) $error .= "Error: Username ".$nama." sudah terdaftar , silahkan ulangi.<br />";
# 64. if ($koneksi_db->sql_numrows($koneksi_db->sql_query("SELECT email FROM useraura WHERE email='$email'")) > 0) $error .= "Error: Email ".$email." sudah terdaftar , silahkan ulangi.<br />";
browser that could collect the user/pass without any interaction or
visible indication.
Note: The Password Manager bug is often misunderstood for how it works.
The reason is that there are numerous subtle variations on how the
username and password show up. The following highlights some of these:
1. If there is only one username stored in the password manager for the
specific, it will automatically show up in the username field. If there
is more than one username stored in the Password Manager, a user would
normally type in or select the specific username for the site, which
####################
- Vulnerability:
####################
+--> SQL Injection
The username, in the login form, is one-parenthesis single-quoted
injectable. For details check
the PoC section.
+--> Reflective XSS
Whenever login failed, the username will be printed without
if its configuration is similar to the following:
parser view <view name>
<Definition of the CLI view>
!
username <user ID> view <view name> secret <some secret>
!
ip scp server enable
In the above configuration snippet, the parser view command defines a
view that specifies what commands users in that view can execute. The
- -----------/
Cookies are stored in independent text files (one for each domain)
inside the cookies folder (usually located at '\Documents and
settings\USERNAME\Cookies' in all Windows NT based implementations). The
cookie file name is structured in the following manner:
/-----------
USERNAME@full.domain.name[X]
SEC Consult Security Advisory < 20090415-0 >
==========================================================================
title: Novell Teaming Multiple Vulnerabilities
* Username Enumeration
* Multiple Cross Site Scripting
* Includes vulnerable Liferay portal
program: Novell Teaming
vulnerable version: 1.0.3
homepage: http://www.novell.com/products/teaming/
found: February 2009
Syhunt: HFS (HTTP File Server) Username Spoofing and Log
Forging/Injection Vulnerability
Advisory-ID: 200801163
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 1.5g to and including 2.3(Beta Build
#174); and possibly HFS version 1.5f
Non-Affected Applications: HFS 1.5e and earlier versions
Class: Log Forging/Injection, Username Spoofing
company assumed they would be revoking our license/contract as way to
quell the issue.
CERT - Assigned VU#120593
+Subject
Meridian Prolog Manager Username and Plain Text Password Disclosure
+Version
All Prolog Manager Versions (2007, 7.5 and pre 7.5 versions)
+Impact
>
> If a system was compromised, I'd have assumed it would be only logical to
> investigate as to why and ultimately, what was changed.
> Auditing tools would detect this in seconds, as well as a normal human
> (unless we're talking about more than 10 user accounts on the same PC).
>
> Either case, a compromised PC should be (at least) rolled back to before the
> attack. Anyone keeping the system running without doing this
> deserves getting hacked over and over.
Advisory Title: Mobile Rediff Username and Password Disclosure
Advisory ID: FSSA-2009-0402
Author: Gursev Kalra (gursev.kalra@foundstone.com)
Application: MobileRediff 1.04 by http://www.rediff.com/
Vendor Contact Date: 4/24/2009 (Vendor notified by email)
Release Date: 7/15/2009
Platform: Symbian OS 9.1, Series 60 v3.0. Other mobile platforms might behave in same way.
Severity: Medium (Information Disclosure)
Vendor Status: No Response received
Vim: Netrw: FTP User Name and Password Disclosure
1. SUMMARY
Product : Vim -- Vi IMproved
Versions : Tested with Vim 7.1.266, 7.2, autoload/netrw.vim v131, v109
Impact : Credentials disclosure
Wherefrom: Remote
Original : http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html