W-Agora Vulnerabilities

2011-10-09 / 2011-10-10
Credit: MustLive
Risk: High
Local: No
Remote: Yes
CWE: CWE-22
CWE-79

Hello Bugtraq! I want to warn you about Cross-Site Scripting and Local File Inclusion vulnerabilities in W-Agora. In addition to vulnerabilities in this system which I found and disclosed in 2006 (SecurityVulns ID: 6960). ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details: ---------- XSS (WASC-08): http://site/news/search.php3?bn=%3Cbody%20onload=alert(document.cookie)% 3E Local File Inclusion (WASC-31): It's possible to include php-files (with extension php3 in version W-Agora 4.1.5 or with extension php in version 4.2.1). In folder conf: http://site/news/search.php3?bn=1 In any folder (only on Windows-servers): http://site/news/search.php3?bn=..\1 In last versions of the system search.php3 has name search.php. ------------ Timeline: ------------ 2010.08.27 - announced at my site. 2010.08.29 - informed developers. Developers of W-Agora didn't answer and didn't fix the holes (unlike in 2006). 2010.10.22 - disclosed at my site. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/4481/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua

References:

http://www.securityfocus.com/bid/44370
http://www.securityfocus.com/archive/1/archive/1/514420/100/0/threaded
http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top