lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 3 Feb 2004 23:29:10 +0100 (CET)
From: mantra@...-zx.net
To: bugtraq@...urityfocus.com
Subject: Multiple Vulnerabilities in PHPX



Title: Multiple Vulnerabilities in PHPX

By: Manuel López ( manegts@...mail.com ) FROM #IST libres.irc-hispano.org,
#IST Efnet.

Url: http://www.phpx.org

Description:
PHPX is a web portal system, blog, Content Management System (CMS),
forums, and more. PHPX is designed to allow everyone to be able to have
feature rich, interactive websites even if you do not know a bit of
programming.

Affected Versions:
The vulnerabilities were found in version 3.2.3 of PHPX, earlier versions
could be affected by these issues.

Severity: High

Vulnerabilities:

- Cross Site Scripting:

A vulnerability exists in main.inc.php, help.inc.php, that allows
arbitrary code execution on the client-side browser.

 main.inc.php?keywords='><script>alert(document.cookie)</script>
 help.inc.php?body='><script>alert(document.cookie)</script>

- HTML/Code Injection Flaw:

In Personal Messages and Forum the injection of malicious code is possible
in the subject field directly.
An attacker can submit specially crafted text so that when a target user
views certain pages on the service, arbitrary scripting code will be
executed by the target user's browser, allowing the attacker to modify
user profiles, post in forums, stolen cookies...

- Cookie Account Hijacking Vulnerability:

The cookie contains a PXL variable, which PHPX uses to determine which
user to authenticate. It´s possible to edit the PXL in the cookie and
change it by target userID to gain access to their account.
This issue can be exploited to gain an administrative account,
compromising completely the service.

Solution: Vendor contacted and release version 3.2.4.
http://phpx.org
Upgrade to version 3.2.4

---- Credits ----
Manuel López ( manegts@...mail.com ) #IST
Special Thank´s: -- Aklis --

Kein, Skool, TheChakal, vientoS, |RDR|, NSR500, ^SargE^, Logicman, kour,
Archville, hypen, daiamon, M_I_R.. and all the #IST staff.

Excuse me for speaking English so badly.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ