Fixed
The last vulnerabilities reported by me in the last posts are now fixed.
Have they definitely opened their eyes?...
THINK AGAIN... Someone's being lazy...
I detected the same type of vulnerabilities in other parts of the social network...
-isoz
Life hacker
avatarsunited.com security hole 16 feb 2010 from Isoz Bioworm on Vimeo.
#Author: isoz
## No damage committed during this demonstration; its purpose is to warn the members of this site and explain that security is important.
# Bioworm Security
#Email: isoz[at]null.net
#Website: AvatarsUnited.com
#Vuln: Arbitrary File Upload
#Status: Fixed
#Date: 16 February 2010
#Critical Level: Medium
#Short description:
#
#Possibility to upload files with extensions that could be used for malicious attacks.
#
#Example:
#-Remote Shells
#-Files containing malicious code
# Better safe than sorry
#-------------------------#--------------------------#
HTML File located inside AU: http://albums.cf.avatarsunited.com/a/newvid/a4c77a12d70ffb6a36cf178f1127baab.original.html
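The file referenced above was stored on the album host with its `.html` extension intact. As an added example (not from the original post and not AvatarsUnited's code), this is one way an upload handler can enforce an extension allowlist, check the content signature, and build the stored name server-side; the allowlist, function names and sample bytes are assumptions.

```python
import hashlib

# Hypothetical allowlist for an album upload feature:
# extension -> (magic-byte check, Content-Type to serve).
ALLOWED = {
    "png": (lambda d: d.startswith(b"\x89PNG\r\n\x1a\n"), "image/png"),
    "jpg": (lambda d: d.startswith(b"\xff\xd8\xff"), "image/jpeg"),
    "gif": (lambda d: d[:6] in (b"GIF87a", b"GIF89a"), "image/gif"),
    "mp4": (lambda d: d[4:8] == b"ftyp", "video/mp4"),
}


class UploadRejected(Exception):
    """Raised when an upload fails the extension or content check."""


def sniff(data):
    """Return the allowlisted extension whose signature matches, else None."""
    for ext, (matches, _ctype) in ALLOWED.items():
        if matches(data):
            return ext
    return None


def accept_upload(client_name, data):
    """Validate an upload; return (stored_name, response_headers)."""
    # Only the final extension counts, so "a.png.html" is treated as html.
    ext = client_name.rsplit(".", 1)[-1].lower() if "." in client_name else ""
    ext = "jpg" if ext == "jpeg" else ext
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    if sniff(data) != ext:
        raise UploadRejected("content does not match the claimed type")
    # Name is built server-side: content hash plus the verified extension.
    stored = f"{hashlib.sha256(data).hexdigest()[:32]}.original.{ext}"
    # Fixed type plus nosniff keeps browsers from rendering it as HTML.
    headers = {"Content-Type": ALLOWED[ext][1],
               "X-Content-Type-Options": "nosniff"}
    return stored, headers


# Constructed sample inputs.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
HTML = b"<html><body>constructed sample</body></html>"
```

A file that starts with a valid image signature but carries markup after it still passes the signature check, which is why the response headers pin the type and disable sniffing.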
#Video Mirrors:
avatarsunited security hole 12 feb 2010 from Isoz Bioworm on Vimeo.
AvatarsUnited.com vulnerable to XSS attacks leaving its users at risk.
#Author: isoz
## No damage committed during this demonstration; its purpose is to explain that security is important
#Email: isoz[at]null.net
#Website: AvatarsUnited.com
#Vuln: XSS
#Status: Fixed
#Date: 12 February 2010
#Critical Level: High
#Short description:
#
#Possibility to execute an XSS attack in the 'Comment' form of the application 'Blog'.
## AU support team was contacted, and no answer provided.
## Bioworm Security
## Better safe than sorry
## Mirrors:
DailyMotion