[<prev] [next>] [day] [month] [year] [list]
Message-ID: <web-5810003@b2.c.plasa.com>
Date: Thu, 06 Jul 2006 21:23:23 +0700
From: "k07iX" <apem-zigzag@...kom.net>
To: bugtraq@...urityfocus.com
Subject: lintah_|adv|_01@...6>=========<[Aura-CMS v1.62]<===>[XSS
vulnerable]&[bug]
by : iFX a.k.a inversFX
_______________________________
[ apem-zigzag@...kom.net ]
[ inversfx@...oo.com ]
-------------------------------
locate : Indonesia, Jakarta
--------------------------------
date : 29/06/2006
--------------------------------
title : XSS on `CMS Aura v1.62`
--------------------------------
Developer CMS : Arif Supriyanto - arif@....kliksini.com
http://www.auracms.tk
http://www.semarang.tk
http://www.ayo.kliksini.com
http://www.auracms.opensource-indonesia.com
--------------------------------
PoC :
--------------------------------------------------------------------
1. in 'teman.php' we can see the code :
.....
echo "<p class=judul>Kirim ke Teman</p>
<p class=konten>Anda ingin memberitahu teman Anda tentang
artikel ini yang berjudul
: <b>$judul_artikel</b>.";
.....
we found something here, that's variable $judul_artikel
so we can xss from the url :
1st ex:
http://localhost/teman.php?judul_artikel=<script>alert("mati
dah gwa!!!")</script>
2nd ex:
or we can send an artikel to admin and the title had the
XSS code, so when anonymous is
opening the index.php, the script are running.
---------------------------------------------------------------------
2. we found something here that can be delete all
shoutbox message.
as usually we can shout anonymously with fake name, mail,
pesan.
here when I insert
name = ' or ''=' <== old SQL
injection code
mail = test_string <== you can fill it with free mail
address
pesan = ' or ''=' <== old SQL injection code
then all message on it clear amazingly....
----------------------------------------------------------------------
screen shot :
http://h1.ripway.com/lintah/adv/img/01-iFX-2006-AuraCMS-v1.62-XSS.bmp
origin :
http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
----------------------------------------------------------------------
sory for my words In English, cuz I often REMED!!!
_________________
/Shout :| |X|
-------------------------------------------------------------------------------------
|ECHO's kommunity & Staff, Kecoak kommunity, Jasakom
kommunity, all hacker kommunity|
|$pecial to : cR45H3R, Dr.Pluto, he4rt_bre4ker, bius,
||||||||. |
|Lintah{ iFX, BlueJaccker, Sin~X, Xploid, frezZe,
Shock-3d, G4mMa, Big_Red_One } |
-------------------------------------------------------------------------------------
|OK | Apply | Cancel |
----------------------
========================================================================================
Simak preview pertandingan piala dunia 2006 di http://telkom.net/pialadunia/
Asah pengetahuanmu tentang Piala Dunia di
http://netkuis.telkom.net/pialadunia/
========================================================================================
Powered by blists - more mailing lists