weblog
3. *Vulnerability Description*
WordPress is a web application written in PHP that allows the easy
installation of a flexible weblog on any computer connected to the
Internet. WordPress 2.7 reached more than 6 million downloads during
June 2009 [9].
A vulnerability was found in the way that WordPress handles some URL
requests. This results in unprivileged users viewing the content of
List of found vulnerabilities
===============================================================================
1. Insecure file upload in blog personal gallery
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security risk: critical
Preconditions:
1. attacker must be registered user
SUBJECT: Microsoft SWI blog inaccuracies
Hello BugTraq
As you know, 3 weeks ago I published my paper, "Microsoft
Windows DNS Stub Resolver Cache Poisoning"
(http://www.trusteer.com/docs/Microsoft_Windows_resolver_DNS_cache_poisoning.pdf),
simultaneously with Microsoft's release of MS08-020
(http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx).
.OR.ID
ECHO_ADV_100$2008
-----------------------------------------------------------------------------------------
[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability
-----------------------------------------------------------------------------------------
Author : M.Hasran Addahroni
Date : July, 14 th 2008
Location : Jakarta, Indonesia
- Severity: 6.8/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
Simple PHP Blog <= 0.5.1 Local File Include vulnerability
II. BACKGROUND
-------------------------
Simple PHP Blog is a blog system that does not require database setup, and
is very easy to install.
PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry
title
Vulnerability found: 20/06/2008
Vendor informed: 25/06/2008
I've found that funny result when I try to input some miscellaneous parameters in the query string.
When I try to click the HIGHLIGHTED POSTS in the blog but that entry no longer existed.
Dear Yahoo,
I've found a bug on your site that I can list all the comments, all the entries belonging to the public blog. When I try to click on the highlighted post in a blog but this entry no longer existed,
the page result is only the box for comment.
I look at the URL address, it is like this:
http://blog.360.yahoo.com/blog-(blog user encrypted ID)?cq=1&p=
I guess the string that is encrypted in the query string is the blog user encrypted ID
OK, so now I try to input the query string parameter like this
http://blog.360.yahoo.com/blog-(blog user encrypted ID)?cq=2&p='
Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability
------------------------------------------------------------------------
Script : Neuron Blog
Version : 1.1
Site : http://dev.localhost.be/?q=detail-script&id=11
Founder : Rizgar
During research on MySQL Column Truncation Vulnerabilities it was
discovered that the user registration system of Wordpress is not
protected against this kind of attack. Further research then
discovered that this vulnerability can be used to reset the passwords
of users to a random string when user registration is activated
in the blog.
In addition to this it was discovered that Wordpress uses mt_rand()
to create passwords and reset tokens, which is not secure enough
for cryptographic secrets. The use of mt_rand() allows predicting
the randomly generated passwords when the PRNG is freshly seeded
BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability
JosS, Jose Luis Góngora Fernández
Spanish Hackers Team
www.spanish-hackers.com
[+] Info:
[~] Software: bp blog
[~] HomePage: http://blog.betaparticle.com/
H - Security Labs
Eggblog v3.1.0 Security Advisory
ID : HSEC#20071111
General Information
--------------------------
Name : EggBlog v.3.1.0
Vendor HomePage :http://sourceforge.net/projects/eggblog/
Platforms : PHP && MySQL
Vulnerability Type : Input Validation Error
WordPress MU < 2.7 'Host' HTTP Header Cross Site Scripting (XSS)
Vulnerability
II. BACKGROUND
-------------------------
WordPress MU, or multi-user, allows you to run unlimited blogs with a
single install of WordPress. It is most famously used for
WordPress.com where it serves tens of millions of hits on hundreds of
thousands of blogs each day. It is also used on many other sites like
Harvard University and Le Monde.
******* Salvatore "drosophila" Fresta *******
[+] Application: RitsBlog
[+] Version: 0.4.2
[+] Website: http://sourceforge.net/projects/ritsblog/
[+] Bugs: [A] SQL Injection
[B] XSS Persistent
[+] Exploitation: Remote
Subject: FC2 BLOG Cross-Site Scripting Vulnerabilities
Application: FC2 BLOG
Vendor:BLOG.FC2.COM
Corporation: FC2, Inc.
DATE : 9 Oct 2008
Description: FC2 BLOG Cross-Site Scripting Vulnerabilities
Vulnerability:
==============
They do not properly sanitize the potentially malicious input content
Secure Network - Security Research Advisory
Vuln name: Simple PHP Blog Multiple Vulnerabilities
Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions
Systems not affected: -
Severity: Medium
Local/Remote: Remote
Vendor URL: http://www.simplephpblog.com/
Author(s): Luca "ikki" Carettoni - luca.carettoni@securenetwork.it, Luca "Daath" De Fulgentis - daath@webapptest.org
Vendor disclosure: 14th September 2007
----------------------------------------------------------------------
(PT-2009-14) Positive Technologies Security Advisory
BLOG:CMS Cross-Site Scripting vulnerability
----------------------------------------------------------------------
---[ Affected Software ]
of arbitrary files outside the intended path of the web documents. Any
device that exposes an HTTP-based interface is potentially vulnerable to
path traversal.
In the MacOS X Server the python web server called "Wiki Server" is
enabled by default and every system user has a weblog available to post
articles and files. Attached files are written for example in path
'/Library/Collaboration/Users/guest/weblog/3f081.page/attachments/731b1/'
for user 'guest' where '3f081' are hash/random hexa characters assigned
to the blog post title and '731b1' are hash/random hexa characters
assigned to the file uploaded.
II. BACKGROUND
-------------------------
WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards,
and usability. WordPress is both free and priceless at the same time. More simply, WordPress is
what you use when you want to work with your blogging software, not fight it.
III. DESCRIPTION
-------------------------
Wordpress allows authorised users to add an attachment to a blog post.
Microsoft has issued a patch to fix the vulnerability and a detailed
description of how to implement the workarounds on IE. It is available
as Security Bulletin http://go.microsoft.com/fwlink/?LinkID=150860.
Microsoft's Research and Defense blog has further discussion about the
vulnerability, workarounds and mitigations [3].
7. *Credits*
- The victim's user ID ('id') parameter and course ID ('course'
parameter) are required for a successful attack. However, such values
are public as they can be obtained from many sections of the site such as:
user blogs ('/blog/')
chats
public profiles. i.e.: '/user/view.php?id=2&course=1',
'/user/index.php?id=1',
'/user/index.php?id=1&group=&perpage=20&teachers=1&accesssince=0&search=0&perpage=500'
Additional Drawing
------------------
If you help us to spread the word about the Month of PHP Security
and the open CFP by writing a blog posting about it, you have the
chance to win one of ten 33 USD/25 EUR Amazon Coupons. To participate
you have to write a blog posting about the Month of PHP Security CFP
and send a link to your blog posting to drawing@php-security.org
The winners will be announced on May 1, 2010.
Update:
Aladdin responded and posted a blog post, please read the timeline and
then the blog post.
http://www.aladdin.com/AircBlog/post/2009/05/Archive-Bypass-Issue-and-eSafe.aspx
It is said that :
-----------------
"This means that in case a customer receives such a specially crafted
Hi All,
I have been posting a few entries to my blog over the last few weeks on Oracle 11g Security and have been looking at the new SHA-1 password algorithm used in Oracle 11g.
The password algorithm is simple and very easy to guess once you realise that the sha1 verifier stored in the database is 80 bits too long. It's also obvious from other testing I documented on my blog that a salt is indeed used. Once these facts are known the algorithm can be guessed. The algorithm is simply SHA1(pwd||salt) = 160 bit verifier||salt (stored in sys.user$.spare4).
To create a simple function to test a verifier you simply need to do:
SYS.USER$.SPARE4 = SHA1("pwd guess" || substr(sys.user$.spare4,43,10)) || substr(sys.user$.spare4,43,10)
once the material has been analysed.
10.04.2009 - Sending another POC file (ZIP)
10.04.2009 - The third person ergo the "Cyber
Incident & Vulnerability Handling PM" is taking over coordination
14.04.2009 - A comment was made to my blog that indicated IBM did
answer the Bugtraq posting and negate my findings, having
received no response from them personally I ask
"Dear Peter, I was referred to this url in a comment posted to my blog:
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
can you confirm this ?"
TZ>> once the material has been analysed.
TZ>> 10.04.2009 - Sending another POC file (ZIP)
TZ>> 10.04.2009 - The third person ergo the "Cyber
TZ>> Incident & Vulnerability Handling PM" is taking over coordination
TZ>> 14.04.2009 - A comment was made to my blog that indicated IBM did
TZ>> answer the Bugtraq posting and negate my findings, having
TZ>> received no response from them personally I ask
TZ>> "Dear Peter, I was referred to this url in a comment posted to my blog:
TZ>> http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417
TZ>> can you confirm this ?"
Virangar Security Team
# Title: WellyBlog Open Source Blog Portal Cross Site Scripting Vulnerability
# Author..................: [the_Edit0r]
# Homepage ...............: [Www.Virangar.net][www.virangar.ir]
# Location ...............: [Iran]
I found a link about some web application vulnerabilities.
1. Chicomos CMS Configuration File Disclosure
2. Zomplog 3.8.2 Blog Engine Arbitrary Files Download/Disclosure
3. Wheatlog Blog Engine Auto Create User
See below
http://kandangjamur.net/tutorial/multiple-application.txt
==========================================================
Exteen Blog XSS Remote Cookie Disclosure Exploit
==========================================================
AUTHOR : CWH Underground
DATE : 22 May 2008
SITE : www.citec.us