Archive for the ‘Discovered Vulnerabilities’ Category

Dokuwiki CSRF Add User Exploit

April 16, 2012 in Cross Site Scripting, Discovered Vulnerabilities, News, tutorial, Web Application

Hi dear IRCRASH Users,

In my latest project, I analysed the DokuWiki CMS.

My opinion about DokuWiki: it's amazing, powerful programming with secure methods, and honestly a secure wiki CMS.

I found a Cross Site Scripting (XSS) vulnerability and wrote a token hijacker exploit for it to add administrator users.

Finally, I add some references for this vulnerability:

Original Exploit: http://ircrash.com/uploads/dokuwiki.txt

Seclists mailing list: http://seclists.org/bugtraq/2012/Apr/121

Securityfocus BID: http://www.securityfocus.com/bid/53041/info

Securityfocus Archive: http://www.securityfocus.com/archive/1/522392/30/0/threaded

Secunia Advisories: http://secunia.com/advisories/48848

Wikipedia Page About Cross Site Scripting: http://en.wikipedia.org/wiki/Cross-site_scripting

Thank you,
Khashayar Fereidani


Linksys Cisco WAG120N CSRF Vulnerability

May 3, 2011 in Discovered Vulnerabilities

Hi, I found a new CSRF vulnerability in the WAG120N.

More information: http://www.exploit-db.com/exploits/16252/


IPhone Apps Vulnerabilities

May 2, 2011 in Discovered Vulnerabilities

Hi guys,

I worked a little bit on some iPhone applications, and the result:

iPhone Folders 2
iPhone iFile 2.0
iPhone MyDocs 2.7
iPhone ishred 1.93
iPhone Guitar
iPhone PDF Reader Pro 2.3