HSC Research Group - Advisories
Written by Hackers Center
Thursday, 10 January 2008 20:16
IProber <= Invalid Validation & Information Disclosure
An attacker may exploit this issue to execute code in the context of the affected software. An attacker could exploit this vulnerability to have arbitrary script code executed in the context of the affected file. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Remote: Yes
Local: N/A
Class: Input Validation Error
Version: IProber V0.024
Vendor: http://www.depoch.net/ (Chinese)
* Attackers can exploit these issues via a web client.
Urls:
http://www.site.com/php/iProber.php
PHP Info Disclosure: /iProber.php?act=phpinfo
Demo Software:
http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=zh_en&trurl=http%3a%2f%2ftroy.mireene.com%2fiProber.php
Hole Page:
http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=zh_en&trurl=http%3a%2f%2fwww.depoch.net%2findex.htm
Google Dork:
- Powered by dEpoch Studio
- allinurl:"iProber.php" (Be sure to remove "phpinfo")
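A defender-side check for the two behaviours described in this advisory, as an added example that is not part of the original advisory: it scans web server access-log lines for requests to iProber.php and flags the act=phpinfo disclosure request and any parameter carrying markup characters. The log lines, the `q` parameter name and the finding labels are constructed for illustration; the advisory does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Markup characters are not expected in probe-script parameters (heuristic).
MARKUP_RE = re.compile(r'[<>"\']')

def classify(line):
    """Return a list of findings for one access-log line (empty if none)."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/iprober.php"):
        return []
    findings = ["iprober-access"]
    # parse_qsl percent-decodes names and values before we inspect them.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "act" and value.lower() == "phpinfo":
            findings.append("phpinfo-disclosure")
        if MARKUP_RE.search(name) or MARKUP_RE.search(value):
            findings.append("markup-in-parameter")
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
# The "q" parameter is a hypothetical name used only for this sample.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2008:20:16:00 +0000] "GET /php/iProber.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Jan/2008:20:17:02 +0000] "GET /php/iProber.php?act=phpinfo HTTP/1.1" 200 48211',
    '192.0.2.12 - - [10/Jan/2008:20:18:40 +0000] "GET /php/iProber.php?q=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5300',
    '192.0.2.13 - - [10/Jan/2008:20:19:05 +0000] "GET /index.php?act=phpinfo HTTP/1.1" 200 900',
]

def scan(lines):
    """Map 1-based line number -> findings for every line that matched."""
    return {i: f for i, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, ", ".join(findings))
```

Any "iprober-access" hit on a production host is itself worth following up, since the probe script is a diagnostic page that does not need to be publicly reachable.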