Home » 2009 » June » 27
Hi,

Here's the vulnerabilities descriptions and POCs:
##############################
###

I write to report three vulnerabilities that I found in the last version of Aardvark Topsites PHP(5.2.1) and older versions.

The cause of all of them is the incorrect verification of input parameters.


Here are the vulnerabilities:
==================

HTML Injection (up to 5.2.0)
--------------------------

For example, is possible to inject a link to any URL with any anchor text.

POC: /index.php?a=search&q=psstt+security”><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security


Information Disclosure 1 (up to 5.2.1)
--------------------------

Disclosure of full path of the application sources when you put a negative number at the ’start’ parameter.

POC: /index.ph ... Read more »
Views: 8895 | Added by: apeh1706 | Date: 2009-06-27 | Comments (2)

I. The Vulnerability

Gizmo does not check SSL certificate before sending user credentials.
An attacker is able to obtain username and password with a spoofed
certificate and no alert is generated to the user.
This vulnerability was found in Gizmo for Linux 3.1.0.79. Other
versions may also be affected.

II. Disclosure Timeline

06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.

III. Vendor

http://gizmo5.com/

IV. Credit

Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>
Views: 7357 | Added by: apeh1706 | Date: 2009-06-27 | Comments (0)

aMSN SSL Certificate Vulnerability

I. The Vulnerability

aMSN does not check SSL certificate before sending MSN user
credentials. An attacker is able to obtain MSN username and password
with a spoofed certificate and no alert is generated to the user.
This vulnerability was found in aMSN 0.97.2. Other versions may also
be affected.

II. Disclosure Timeline

06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.

III. Vendor

http://www.amsn-project.net/

IV. Credit

Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>
Views: 2440 | Added by: apeh1706 | Date: 2009-06-27 | Comments (0)