| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1f9bad3a0809071020u5d202f7et7629d0ec4a0c8d3d@mail.gmail.com> Date: Sun, 7 Sep 2008 18:20:20 +0100 From: SmOk3 <smok3f00@...il.com> To: submit@...w0rm.com, vuldb@...urityfocus.com, bugtraq@...urityfocus.com, bugs@...uritytracker.com, full-disclosure@...ts.grok.org.uk, vuln@...unia.com Subject: phpAdultSite CMS flaws Original article: http://www.davidsopas.com/2008/09/phpadult-cms-exploit/ phpAdultSite CMS is a PHP-based content management system for a adult pay site that fully supports MySQL. The code, layout, graphics of phpAdultSite are consistent through every single page of your site. It costs between $400 to $1100 depending on the license. I found that this script is vulnerable to a couple of topics. After no reply of this CMS vendors, send about two emails 1 week ago, I decided going to full disclosure. The problem exists on results_per_page variable. If it returns false, it gives a DB Error output on our browser, showing up path disclosure, sql statments that may lead to sql injections and also, it executes XSS attacks. PoC: index.php?&results_per_page=50' index.php?&results_per_page=50"><script type="text/javascript">alert(/XSS vuln by DavidSopas.com/)</script> It can be fixed with the sanitize of the variable. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists