IT Security and Insecurity Portal

Scanned with Acunetix

Posted: Mon Nov 03, 2008 5:50 pm
skmpz
Advanced user
Joined: Oct 11, 2008
Posts: 169
Location: Cyprus

Hello. I was messing around with Acunetix WVS and I got something like this on a website's index.php:
This vulnerability affects /forum/index.php (GET sid=4e9ef875ff552e97f9b2b964798434a5)
This vulnerability affects /forum/index.php (GET sid=6ae1bb20b20ef2054622ff7431ac505d)
Are these hashed passwords from users which are saved from the site because it has autocomplete on?
And also:
Password type input named password from form named form2 with action /index.php?mode=archive&date=2008-06-04&PHPSESSID=760cb041e4a0cc349fc0a67a2b67c246 has autocomplete enabled.
Could you please explain what these are?
Could I benefit from any of this?
Thanks in advance.

Posted: Mon Nov 03, 2008 7:51 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

I don't see any good exploitability here ... SQL injections, RFI, LFI, weak passwords, Remote Code Execution, etc. - this is better ...
And by the way - are you testing some open-source forum? In this case it's better to search for bugs on Secunia, Bugtraq and other places ...

Posted: Mon Nov 03, 2008 9:19 pm
skmpz
Advanced user
Joined: Oct 11, 2008
Posts: 169
Location: Cyprus

So I got some High Risk XSS:
The GET variable content has been set to >"><ScRiPt%20%0a%0d>alert(400409697566)%3B</ScRiPt>.
The GET variable content has been set to <script>alert(399189697106)</script>.
Can I do something with these?
All times are GMT