[VIM] Confirmation (source inspection) of various r0t-discovered
jkouns at opensecurityfoundation.org
Sun Nov 27 13:45:41 EST 2005

Considering we were receiving an email every other hour for the last
couple days I also had "taken a small interest"....
Late last night he posted a message:
Again, with that small interest I wanted to know what it said and I
figured it would be a quick translation. However, before I could even
start to translate it, I needed to figure out what language it is!
Looking at the 14 year old bio, he states: Location: Turku : Finland
Trying to translate Finnish to English didn't go over very well, but the
first word was translated to "Accident"
Trying to figure out if there is another language...
Pasted the post into the
Xerox -- Language Identifier/Guesser
They guess: Latvian_cp1257
Fuzzums -- Language Identifier/Guesser
Doing a Latvian translation produced absolutely nothing. So, this small
interest has wasted a good amount of time. If anyone figures out what
was posted, let me know.
For some reason I am still curious.
> ---------- Forwarded message ----------
> From: Steven M. Christey <coley at mitre.org>
> To: vim at attrition.org
> Date: Sun, 27 Nov 2005 03:05:58 -0500 (EST)
> Reply-To: Vulnerability Information Managers <vim at attrition.org>
> Subject: [VIM] Confirmation (source inspection) of various
> r0t-discovered issues
> I've taken a small interest in observing r0t (r0t3d3Vil) since he's
> done a whole lot of reports in the past couple of days in software
> that hasn't been reported vulnerable before... plus his blog profile
> says he's 14.
> Most of his analyses are of for-purchase products, so I couldn't check
> those. At least one demo site for one vendor had been tested by him,
> as his leftover XSS attempts indicated :-/ so some of his results
> might be coming from tests of vendor demo sites.
> Anyway, for some products with source available, I was able to confirm
> - by source inspection only - several recent issues.
> searchFor is directly inserted into a $title variable.
> line 205 news.php -
> $where="AND c.category_id=".$_REQUEST['category']."";
> Multiple locations exist, including the title() function where a
> $_GET['id'] (line 174) is fed directly into a $query variable without
> quoting (line 179), which is then fed to mysql_query() (line 180).
> source code review of 1.3 shows that snews.php is the affected file.
> For CVE-2005-3833 - Tunez "songinfo.php?song_id=[SQL]" SQL injection -
> source code inspection of songinfo.php suggests that an addslashes()
> is performed on the song_id parameter, so this report might be
> incorrect or associated with a different type of issue, e.g. a SQL
> error from a query with a non-numeric value.
> - Steve
>
> Name: CVE-2005-3834
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3834
> Reference: BID:15548
> Reference: URL:http://www.securityfocus.com/bid/15548
> Reference: OSVDB:21063
> Reference: URL:http://www.osvdb.org/21063
> Reference: SECUNIA:17692
> Reference: URL:http://secunia.com/advisories/17692
> Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21
> and earlier allows remote attackers to inject arbitrary web script or
> HTML via the searchFor parameter.
>
> Name: CVE-2005-3846
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3846
> Reference: FRSIRT:ADV-2005-2595
> Reference: URL:http://www.frsirt.com/english/advisories/2005/2595
> SQL injection vulnerability in news.php in Fantastic News 2.1.1 and
> earlier allows remote attackers to execute arbitrary SQL commands via
> the category parameter.
>
> Name: CVE-2005-3853
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3853
> Reference: OSVDB:21093
> Reference: URL:http://www.osvdb.org/21093
> Reference: SECUNIA:17688
> Reference: URL:http://secunia.com/advisories/17688
> SQL injection vulnerability in snews.php in sNews 1.3 and earlier
> allows remote attackers to execute arbitrary SQL commands via the (1)
> id and (2) category parameters to index.php.
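An added example, not part of the original thread and not code from any of the products discussed: a Python check that automates the kind of source inspection described in the forwarded message, flagging request parameters that reach SQL text either unsanitized or escaped but outside quotes. The PHP lines in `SAMPLE` are constructed, except line 205, which is the news.php line quoted in the message; lines 174 and 179 only follow the message's description, and the remaining names and line numbers are hypothetical.

```python
import re

SOURCE = r"\$_(?:GET|POST|REQUEST|COOKIE)\[[^\]]*\]"
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.*);\s*$")
NUMERIC = re.compile(r"\b(?:intval|floatval)\s*\(|\(\s*int\s*\)", re.I)
ESCAPE = re.compile(r"\b(?:addslashes|mysql_real_escape_string)\s*\(", re.I)
SQLISH = re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE|WHERE|AND)\b")

# Constructed PHP input. Only line 205 is quoted on the page (news.php).
SAMPLE = [
    (205, '''$where="AND c.category_id=".$_REQUEST['category']."";'''),
    (174, '''$id = $_GET['id'];'''),
    (179, '''$query = "SELECT title FROM articles WHERE id = $id";'''),
    (301, '''$track = addslashes($_GET['track']);'''),
    (302, '''$query = "SELECT * FROM songs WHERE track_id = $track";'''),
    (311, '''$name = addslashes($_GET['name']);'''),
    (312, '''$query = "SELECT * FROM users WHERE name = '$name'";'''),
    (321, '''$cat = intval($_REQUEST['category']);'''),
    (322, '''$query = "SELECT * FROM news WHERE category_id = $cat";'''),
]

def in_quotes(rhs, token):
    # Escaping only helps when the value sits inside single quotes in the SQL.
    return re.search(r"'\s*(?:\"\s*\.\s*)?(?:\w+\s*\(\s*)?" + token, rhs) is not None

def audit(lines):
    """Return [(line_no, verdict)] for request data that reaches SQL text."""
    state, findings = {}, []      # state: variable name -> "raw" | "escaped"
    for no, line in lines:
        m = ASSIGN.match(line)
        if not m:
            continue
        var, rhs = m.groups()
        hits = [v for v in state if re.search(r"\$%s\b" % v, rhs)]
        refs = [r"\$%s\b" % v for v in hits] + ([SOURCE] if re.search(SOURCE, rhs) else [])
        raw = SOURCE in refs or any(state[v] == "raw" for v in hits)
        state.pop(var, None)
        if not refs or NUMERIC.search(rhs):
            continue              # untainted, or forced to a number
        kind = "escaped" if ESCAPE.search(rhs) or not raw else "raw"
        state[var] = kind
        if SQLISH.search(rhs) and kind == "raw":
            findings.append((no, "unsanitized"))
        elif SQLISH.search(rhs) and not all(in_quotes(rhs, t) for t in refs):
            findings.append((no, "escaped-but-unquoted"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A heuristic like this only narrows down where to read; each hit still needs confirmation against the actual source.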