lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 15 May 2007 21:27:35 -0000
From: laurent.gaffie@...ecurityfocus.com, m@...urityfocus.com,
	a@...urityfocus.com, i@...urityfocus.com, l.com@...urityfocus.com
To: bugtraq@...urityfocus.com
Subject: Re: Jetbox CMS version 2.1 E-Mail Injection Vulnerability

hi there 

jetbox cms is also vulnerable to severals xss GET:
http://127.0.0.1/jetbox/index.php/view/search/?path=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=[xss]http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@localhost.com&required=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@localhost.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox@localhost.com&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=1&text=1&title=[xss]

shell upload:
you can upload any kind of file if you have some authors privileges.
your file will be located here:
./jetbox/webfiles/yourfile.php

solution:
1) xss --> use: http://us.php.net/manual/en/function.htmlentities.php

2) upload script :
-->  allow only certains extension like :
txt,mp3,zip,rar,pdf,odt,doc...etc...

regards laurent gaffié.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ