lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: 16 Feb 2005 09:20:46 -0000
From: PersianHacker Team <pi3ch@...oo.com>
To: bugtraq@...urityfocus.com
Subject: [PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability




[PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability
Date: 2005 February
Bug Number: 06

paNews
is a news management script to use on your site. Users can use paCode, special code designed to allow the adding of images and font changes in the posts without allowing users to use HTML to post harmful things such as Java scripts and applets. It has several other features making adding entries and controlling it easily.
More info @:
http://www.phparena.net/panews.php


Discussion:
--------------------
XSS Vulnerability in 'comment.php' that may allow a remote user to launch cross-site scripting attacks.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected Web site and may allow for theft of cookie-based authentication credentials or other attacks.

This vulnerability is reported to exist in paNews version 2.0b4, other versions might also be affected. 

Exploit:
--------------------
http://www.example.com/comments.php?op=view&newsid=1&showpost="><h1>AttackerXSSvulnerable<!--


Example:
--------------------
@ authors website!
http://demo.phparena.net/panews/comments.php?op=view&newsid=73&showpost="><h1>AttackerXSSvulnerable<!--

Solution:
--------------------
check 'showpost' value with PHP patterns then view it.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: our security team users.


Help
--------------------
Read our whitepaper about XSS Vulnerability (only in FARSI language):
http://www.persianhacker.net/articles/article-2322.html
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net


Note
--------------------
Scripts authors were not be contacted for this bug.
Our english article about XSS Vulnerability available   soon.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ