[30699] in bugtraq
W-Agora 4.1.5
daemon@ATHENA.MIT.EDU (Martin Eiszner)
Fri Jul 11 15:02:39 2003
Date: Fri, 11 Jul 2003 11:16:57 +0200
From: Martin Eiszner <martin@websec.org>
To: bugtraq@securityfocus.com
Message-Id: <20030711111657.4cd5a94e.martin@websec.org>
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="Multipart_Fri__11_Jul_2003_11:16:57_+0200_081f08a0"
--Multipart_Fri__11_Jul_2003_11:16:57_+0200_081f08a0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
hola,
security issues for W-Agora 4.1.5. attached (wagora.txt).
nice day,
mEi
--
WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE
mei@websec.org
http://www.websec.org
tel: 0043 699 xxxxxxxx
--Multipart_Fri__11_Jul_2003_11:16:57_+0200_081f08a0
Content-Type: application/octet-stream;
name="wagora.txt"
Content-Disposition: attachment;
filename="wagora.txt"
Content-Transfer-Encoding: base64
Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09ClNlY3VyaXR5IFJFUE9SVCBXLUFnb3JhIDQu
MS41Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09CgpQcm9kdWN0OglXLUFnb3JhIDQuMS41
IChtYXliZSBlYXJsaWVyKQpWdWxuZXJhYmxpdGllczoJaW5mb3JtYXRpb24gZGlzY2xvc3VyZSwg
cGF0aCBkaXNjbG9zdXJlLCBhcmJpdHJhcnkgZmlsZS11cGxvYWQsIE9TIGNvbW1hbmQgZXhlY3V0
aW9uLCBjcm9zcyBzaXRlIHNjcmlwdGluZwpWdWxuLi1DbGFzc2VzOglDaGVjayBvdXQgaHR0cDov
L3d3dy5vd2FzcC5vcmcvYXNhYy8gZm9yIG1vcmUgZGV0YWlsZWQgaW5mb3JtYXRpb24gb24gIkF0
dGFjayBDb21wb25lbnRzIgpWZW5kb3I6CQlXLUFnb3JhIFNlcnZpY2VzIChodHRwOi8vd3d3Lnct
YWdvcmEuY29tLykKVmVuZG9yLVN0YXR1czoJY29udGFjdGVkICJpbmZvQHctYWdvcmEubmV0IiBv
biBKdWwuNnRoIDIwMDMgClZlbmRvci1QYXRjaHM6CQoJCWh0dHA6Ly9jdnMuc291cmNlZm9yZ2Uu
bmV0L2NnaS1iaW4vdmlld2N2cy5jZ2kvKmNoZWNrb3V0Ki93LWFnb3JhL3ctYWdvcmE0L21vZHVs
ZXMucGhwMz9yZXY9MS4yCgkJaHR0cDovL2N2cy5zb3VyY2Vmb3JnZS5uZXQvY2dpLWJpbi92aWV3
Y3ZzLmNnaS8qY2hlY2tvdXQqL3ctYWdvcmEvdy1hZ29yYTQvaW5kZXgucGhwMz9yZXY9MS4xNQoJ
CWh0dHA6Ly9jdnMuc291cmNlZm9yZ2UubmV0L2NnaS1iaW4vdmlld2N2cy5jZ2kvKmNoZWNrb3V0
Ki93LWFnb3JhL3ctYWdvcmE0L2luc2VydC5waHAzP3Jldj0xLjc4CgkJaHR0cDovL2N2cy5zb3Vy
Y2Vmb3JnZS5uZXQvY2dpLWJpbi92aWV3Y3ZzLmNnaS8qY2hlY2tvdXQqL3ctYWdvcmEvdy1hZ29y
YTQvdXBkYXRlLnBocDM/cmV2PTEuNjMKCkV4cGxvaXRhYmxlOgpMb2NhbDoJCS0tLQpSZW1vdGU6
CQlZRVMKCj09PT09PT09PT09PQpJbnRyb2R1Y3Rpb24KPT09PT09PT09PT09CgpWaXNpdCAiaHR0
cDovL3d3dy53LWFnb3JhLmNvbS9lbi9pbmRleC5waHAiIGZvciBhZGRpdGlvbmFsIGluZm9ybWF0
aW9uLgoKPT09PT09PT09PT09PT09PT09PT09ClZ1bG5lcmFiaWxpdHkgRGV0YWlscwo9PT09PT09
PT09PT09PT09PT09PT0KCjEpIElORk8gRElTQ0xPU1VSRSAKPT09PT09PT09PT09PT09PT09CgpP
QkpFQ1Q6CmluZGV4LnBocCAKCkRFU0NSSVBUSU9OOgpCeSByZXF1ZXN0aW5nICJpbmZvIiBhcyBR
VUVSWS1TVFJJTkcgdGhlIHN5c3RlbSBnaXZlcyBvdXQgc2Vuc2l0aXZlIGluZm9ybWF0aW9uIAph
Ym91dCB1c2VybmFtZXMsIGRhdGFiYXNlLXN5c3RlbXMsIHBhdGhzIGFuZCBvdGhlciB2ZXJzaW9u
LWluZm9zLgoKRVhBTVBMRToKLS0tKi0tLQpodHRwLXJlcXVlc3QKaHR0cDovL3NlcnZlcm5hbWUv
dy1hZ29yYXBhdGgvaW5kZXgucGhwP2luZm8KLS0tKi0tLQoKCjIpIFBBVEggRElTQ0xPU1VSRQo9
PT09PT09PT09PT09PT09PT0KCk9CSkVDVDoKbW9kdWxlcy5waHAKCkRFU0NSSVBUSU9OOgpSZXF1
ZXN0aW5nICJtb2R1bGVzLnBocCIgd2l0aCBpbnZhbGlkICJtb2QiIC0gYW5kICJmaWxlIiBwYXJh
bWV0ZXJzIGxlYWRzIHRvIGRpc2Nsb3N1cmUKb2Ygc3lzdGVtIGluc3RhbGxhdGlvbiBwYXRocy4K
CkVYQU1QTEU6Ci0tLSotLS0KaHR0cC1yZXF1ZXN0Cmh0dHA6Ly9zZXJ2ZXJuYW1lL3ctYWdvcmFw
YXRoL21vZHVsZXMucGhwP21vZD14JmZpbGU9eQotLS0qLS0tCgoKMykgQVJCSVRSQVJZIEZJTEUg
VVBMT0FEUwo9PT09PT09PT09PT09PT09PT09PT09PT09CgpPQkpFQ1Q6Cmluc2VydC5waHAKCkRF
U0NSSVBUSU9OOgpJZiBhbGxvd2VkIHVwbG9hZGVkIGZpbGVzIGFyZSBzYXZlZCBpbiB0aGUgZGly
ZWN0b3J5OiAKLS0tKi0tLQovZm9ydW1zL1tzaXRlbmFtZV0vW2ZvcnVtbmFtZV0vbm90ZXMvYXR0
TnIoc2VlIGRlbF9hdHRbXSBjaGVja2JveCkuKGZpbGVuYW1lLmV4dCkuW2ZpbGVuYW1lLmV4dGVu
c2lvbl0KLS0tKi0tLQoKSWYgdGhpcyBkaXJlY3RvcnkgaXMgbm90IHByb3RlY3RlZCAoYXMgcmVj
b21tYW5kZWQgYnkgdy1hZ29yYSksIGl0IGlzIHBvc3NpYmxlIHRvIGFjY2VzcyB0aGVzZSAKZmls
ZXMgdGhydSBodHRwLXJlcXVlc3RzLiBDb21iaW5lZCB3aXRoIHVwbG9hZGVkIHNjcmlwdHMgdGhp
cyBsZWFkcyB0byAiQXJiaXRyYXJ5IE9TIGNvbW1hbmQgZXhlY3V0aW9uIiEKCgo0KSBBUkJJVFJB
UlkgT1MgQ09NTUFORCBFWEVDVVRJT04KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
CgpPQkpFQ1Q6CmluZGV4LnBocAoKREVTQ1JJUFRJT046ClRoZSAiYWN0aW9uIiBwYXJhbWF0ZXIg
YWxsb3dzIHRoZSBpbnNlcnRpb24gb2YgZmlsZXMgd2l0aCBhIHZhbGlkICJzY3JpcHQtZXh0ZW5z
aW9uIi4KQ29tYmluZWQgd2l0aCBQdC4zKSB0aGlzIGxlYWRzIHRvIGFyYml0cmFyeSBPUyBjb21t
YW5kIGV4ZWN1dGlvbi4KCkVYQU1QTEU6Ci0tLSotLS0KaHR0cC1yZXF1ZXN0Cmh0dHA6Ly9zZXJ2
ZXJuYW1lL3ctYWdvcmFwYXRoL2luZGV4LnBocD8Kd2l0aCBwYXJhbXM6CmJuPVt2YWxpZHNpdGVu
YW1lXV9bZm9ydW1uYW1lXQomYWN0aW9uPWZvcnVtcy9bc2l0ZW5hbWVdL1tmb3J1bW5hbWVdL25v
dGVzL1thdHQtbnJdLltzY3JpcHRuYW1lX3dpdGhvdXRfZXh0ZW5zaW9uXQotLS0qLS0tCgoKNSkg
Q1JPU1MgU0lURSBTQ1JJUFRJTkcgLyBDT09LSUUgVEhFRlQKPT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT0KCk9CSkVDVDoKcHJvZmlsZS5waHAKCkRFU0NSSVBUSU9OOgpCeSBj
aGFuZ2luZyB0aGUgdmFsdWUgb2YgdGhlICJhdmF0YXItVVJMIiBjbGllbnQgc2lkZSBzY3JpcHRz
IGNhbiBiZSBleGVjdXRlZC4gVGh1cyBsZWFkaW5nIAp0byBjb29rZS0gYW5kIGFjY291bnQoaW5j
bHVkaW5nIGFkbWluKSB0aGVmdCAoY29va2llcyBhcmUgdXNlZCBmb3IgYXV0aGVudGljYXRpb24p
LgoKRVhBTVBMRToKCmNoYW5naW5nIHRoZSAiYXZhdGFyIiAtIHZhbHVlIHRvOgotLS0qLS0tCiJo
dHRwOi8vd2wuc2submV0L2VhbHNkay5naWYnIG9uRXJyb3I9J2phdmFzY3JpcHQ6YWxlcnQoZG9j
dW1lbnQuY29va2llKSIKLS0tKi0tLQpsZWFkcyB0byBleGVjdXRpb24gb2YgSlMuIAoKCj09PT09
PT0KUmVtYXJrcwo9PT09PT09CgotLS0KCj09PT09PT09PT09PT09PT09PT09ClJlY29tbWVuZGVk
IEhvdGZpeGVzCj09PT09PT09PT09PT09PT09PT09Cgpzb2Z0d2FyZSBwYXRjaChlcykuCgoKRU9G
IE1hcnRpbiBFaXN6bmVyIC8gQDIwMDNXZWJTZWMub3JnCgoKPT09PT09PQpDb250YWN0Cj09PT09
PT0KCldlYlNlYy5vcmcgLyBNYXJ0aW4gRWlzem5lcgpHdXJrZ2Fzc2UgNDkvVG9wMTQKMTE0MCBW
aWVubmEKCkF1c3RyaWEgLyBFVVJPUEUKCm1laUB3ZWJzZWMub3JnCmh0dHA6Ly93d3cud2Vic2Vj
Lm9yZwo=
--Multipart_Fri__11_Jul_2003_11:16:57_+0200_081f08a0--
