phpAdultSite CMS flaws

2008.09.08
Credit: SmOk3
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-6979 | CVE-2008-6980 | CVE-2008-6981
CWE: CWE-79
CWE-89
CWE-200

Original article: http://www.davidsopas.com/2008/09/phpadult-cms-exploit/ phpAdultSite CMS is a PHP-based content management system for a adult pay site that fully supports MySQL. The code, layout, graphics of phpAdultSite are consistent through every single page of your site. It costs between $400 to $1100 depending on the license. I found that this script is vulnerable to a couple of topics. After no reply of this CMS vendors, send about two emails 1 week ago, I decided going to full disclosure. The problem exists on results_per_page variable. If it returns false, it gives a DB Error output on our browser, showing up path disclosure, sql statments that may lead to sql injections and also, it executes XSS attacks. PoC: index.php?&results_per_page=50' index.php?&results_per_page=50"><script type="text/javascript">alert(/XSS vuln by DavidSopas.com/)</script> It can be fixed with the sanitize of the variable.

References:

http://xforce.iss.net/xforce/xfdb/44924
http://www.securityfocus.com/archive/1/archive/1/496069/100/0/threaded
http://www.davidsopas.com/2008/09/phpadult-cms-exploit/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top