Message-ID: <20060928203434.16913.qmail@securityfocus.com>
Date: 28 Sep 2006 20:34:34 -0000
From: security@...lica-solutions.de
To: bugtraq@...urityfocus.com
Subject: Re: xxs in MKPortal M1.1

Here is a fix from me: delete pmpopup.php and create a new one with this in it:

<?php


$m1 = str_replace("%20", " ", $_GET['m1']);
$m2 = str_replace("%20", " ", $_GET['m2']);
$m3 = str_replace("%20", " ", $_GET['m3']);
$m4 = str_replace("%20", " ", $_GET['m4']);
$u1 = $_GET['u1'];


foreach ($_POST AS $key => $val) {
    if (${$key} == $val) {
        unset (${$key});
    }
}
foreach ($_GET AS $key => $val) {
    if (${$key} == $val) {
     echo "Hacking Attempt logged \n";
        unset (${$key});
    }
}
foreach ($_COOKIE AS $key => $val) {
    if (${$key} == $val) {
        unset (${$key});
    }
}

$output = "<script language=\"javascript\" type=\"text/javascript\">
<!--
function jump_to_inbox()
{
	opener.document.location.href = \"$u1\";
	window.close();
}
//-->
</script>
<body>
  <table width=\"100%\" height=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"1\" bgcolor=\"#F5F5F5\">
    <tr>
      <td>
	<table align=\"center\" width=\"95%\"  border=\"1\" cellspacing=\"0\" cellpadding=\"0\">
	  <tr>
	    <td valign=\"top\" width=\"100%\" bgcolor=\"#DFE6EF\" align=\"center\"><br /><strong><font face=\"verdana\" size=\"2\">$m1<a href=$u1 onclick=\"jump_to_inbox();return false;\" target=\"_new\"> $m2</a>$m3</font></strong><br /><br /><font face=\"verdana\" size=\"2\"><a href=\"javascript:window.close();\" >$m4</a></font><br /><br />
	    </td>
	  </tr>
	</table>
      </td>
    </tr>
  </table>
</body>
  
  ";

  print $output;

  ?>


Kind regards

Sourcecode

yet another Exploit Source : http://www.replica-solutions.de
[Perl] my start.pl from the Wapiti HTTP Vuln. Scanner -> http://tinyurl.com/ha6km
Nmap in combination with other Linux tools: http://tinyurl.com/pknlw
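
An added example, not part of the original post and not MKPortal's own code: a popup that encodes each of the m1..m4 and u1 parameters for the context it is written into (HTML text, quoted HTML attribute, JavaScript string). The helper names, the `index.php` fallback and the rule that u1 must be a same-site relative path are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): context-aware output encoding
// for the m1..m4 and u1 parameters read by pmpopup.php.

// Encode a value for HTML text or a quoted HTML attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: the inbox link always points at a page on the same site.
// The allowlist has no ':' or '\', so no URL scheme can appear, and the
// lookahead rejects protocol-relative ("//host") values.
function safe_local_url(string $u, string $fallback = 'index.php'): string
{
    return preg_match('#^(?!//)[A-Za-z0-9_./?&=%-]+\z#', $u) === 1 ? $u : $fallback;
}

// Build the popup from a parameter array such as $_GET.
function render_popup(array $get): string
{
    $m = [];
    foreach (['m1', 'm2', 'm3', 'm4'] as $k) {
        // Array-valued parameters (m1[]=...) are treated as empty.
        $m[$k] = h(is_string($get[$k] ?? null) ? $get[$k] : '');
    }
    $url = safe_local_url(is_string($get['u1'] ?? null) ? $get['u1'] : '');
    // JavaScript string literal that cannot close the <script> element.
    $urlJs = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $urlAttr = h($url);

    return <<<HTML
<script type="text/javascript">
function jump_to_inbox() { opener.document.location.href = {$urlJs}; window.close(); }
</script>
<body>
<strong>{$m['m1']}<a href="{$urlAttr}" onclick="jump_to_inbox();return false;" target="_new"> {$m['m2']}</a>{$m['m3']}</strong>
<br /><a href="javascript:window.close();">{$m['m4']}</a>
</body>
HTML;
}

header('Content-Type: text/html; charset=UTF-8');
echo render_popup($_GET);
```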
