W-Agora Vulnerabilities

2011-10-09 / 2011-10-10
Credit: MustLive
Risk: High
Local: No
Remote: Yes

Hello Bugtraq! I want to warn you about Cross-Site Scripting and Local File Inclusion vulnerabilities in W-Agora. In addition to vulnerabilities in this system which I found and disclosed in 2006 (SecurityVulns ID: 6960). ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details: ---------- XSS (WASC-08): http://site/news/search.php3?bn=%3Cbody%20onload=alert(document.cookie)% 3E Local File Inclusion (WASC-31): It's possible to include php-files (with extension php3 in version W-Agora 4.1.5 or with extension php in version 4.2.1). In folder conf: http://site/news/search.php3?bn=1 In any folder (only on Windows-servers): http://site/news/search.php3?bn=..\1 In last versions of the system search.php3 has name search.php. ------------ Timeline: ------------ 2010.08.27 - announced at my site. 2010.08.29 - informed developers. Developers of W-Agora didn't answer and didn't fix the holes (unlike in 2006). 2010.10.22 - disclosed at my site. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/4481/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua



Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com


Back to Top