Title: Multiple Vulnerabilities in PHPX By: Manuel López ( manegts@hotmail.com ) FROM #IST libres.irc-hispano.org, #IST Efnet. Url: http://www.phpx.org Description: PHPX is a web portal system, blog, Content Management System (CMS), forums, and more. PHPX is designed to allow everyone to be able to have feature rich, interactive websites even if you do not know a bit of programming. Affected Versions: The vulnerabilities were found in version 3.2.3 of PHPX, earlier versions could be affected by these issues. Severity: High Vulnerabilities: - Cross Site Scripting: A vulnerability exists in main.inc.php, help.inc.php, that allows arbitrary code execution on the client-side browser. main.inc.php?keywords='> help.inc.php?body='> - HTML/Code Injection Flaw: In Personal Messages and Forum the injection of malicious code is possible in the subject field directly. An attacker can submit specially crafted text so that when a target user views certain pages on the service, arbitrary scripting code will be executed by the target user's browser, allowing the attacker to modify user profiles, post in forums, stolen cookies... - Cookie Account Hijacking Vulnerability: The cookie contains a PXL variable, which PHPX uses to determine which user to authenticate. It´s possible to edit the PXL in the cookie and change it by target userID to gain access to their account. This issue can be exploited to gain an administrative account, compromising completely the service. Solution: Vendor contacted and release version 3.2.4. http://phpx.org Upgrade to version 3.2.4 ---- Credits ---- Manuel López ( manegts@hotmail.com ) #IST Special Thank´s: -- Aklis -- Kein, Skool, TheChakal, vientoS, |RDR|, NSR500, ^SargE^, Logicman, kour, Archville, hypen, daiamon, M_I_R.. and all the #IST staff. Excuse me for speaking English so badly.