Aura-CMS v1.62 XSS vulnerable

2006.07.14
Credit: k07iX
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2006-3559 | CVE-2006-3558
CWE: CWE-79

by : iFX a.k.a inversFX _______________________________ [ apem-zigzag (at) telkom (dot) net [email concealed] ] [ inversfx (at) yahoo (dot) com [email concealed] ] ------------------------------- locate : Indonesia, Jakarta -------------------------------- date : 29/06/2006 -------------------------------- title : XSS on `CMS Aura v1.62` -------------------------------- Developer CMS : Arif Supriyanto - arif (at) ayo.kliksini (dot) com [email concealed] http://www.auracms.tk http://www.semarang.tk http://www.ayo.kliksini.com http://www.auracms.opensource-indonesia.com -------------------------------- PoC : -------------------------------------------------------------------- 1. in 'teman.php' we can see the code : ..... echo "<p class=judul>Kirim ke Teman</p> <p class=konten>Anda ingin memberitahu teman Anda tentang artikel ini yang berjudul : <b>$judul_artikel</b>."; ..... we found something here, that's variable $judul_artikel so we can xss from the url : 1st ex: http://localhost/teman.php?judul_artikel=<script>alert("mati dah gwa!!!")</script> 2nd ex: or we can send an artikel to admin and the title had the XSS code, so when anonymous is opening the index.php, the script are running. --------------------------------------------------------------------- 2. we found something here that can be delete all shoutbox message. as usually we can shout anonymously with fake name, mail, pesan. here when I insert name = ' or ''=' <== old SQL injection code mail = test_string <== you can fill it with free mail address pesan = ' or ''=' <== old SQL injection code then all message on it clear amazingly.... ---------------------------------------------------------------------- screen shot : http://h1.ripway.com/lintah/adv/img/01-iFX-2006-AuraCMS-v1.62-XSS.bmp origin : http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.tx t ---------------------------------------------------------------------- sory for my words In English, cuz I often REMED!!! _________________ /Shout :| |X| ------------------------------------------------------------------------ ------------- |ECHO's kommunity & Staff, Kecoak kommunity, Jasakom kommunity, all hacker kommunity| |$pecial to : cR45H3R, Dr.Pluto, he4rt_bre4ker, bius, ||||||||. | |Lintah{ iFX, BlueJaccker, Sin~X, Xploid, frezZe, Shock-3d, G4mMa, Big_Red_One } | ------------------------------------------------------------------------ ------------- |OK | Apply | Cancel | ---------------------- ======================================================================== ================ Simak preview pertandingan piala dunia 2006 di http://telkom.net/pialadunia/ Asah pengetahuanmu tentang Piala Dunia di http://netkuis.telkom.net/pialadunia/ ======================================================================== ================


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top