#!/usr/bin/perl
#
EasyNews-40tr
Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI)
I'm back, and I got more.
SQL injection within some real estate CMS software.
The vulnerability is present because of a failure to strip characters from the
variables page_id and site_id resulting in exploitation by some simple blind
SQLI.
heres an example:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-
Debian Security Advisory DSA-1533-2 [EMAIL PROTECTED]
http://www.debian.org/security/ Devin Carraway
April 01, 2008
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200804-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
Doesn't work on FF3.0b1 or b2.
On 3/29/08, mouss [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
This problem is not specific to IE. It works on Firefox too.
just tested on FF 2.0.0.13 and it doesn't work.
I too tested on the same version of Firefox but it worked in my case! What
address did you use as main URL. Was it google.com?
You can find the snap of the spoofed URL captured in Firefox here:
hxxp://img249.imageshack.us/my.php?image=spoofzg2.png
This is a bogus vulnerability.
Ability to dump the process memory for a random system account implies that the
system is fully compromised.
Besides Hamachi 1.x does not use password-based login authentication as it's
clearly stated in a product description.