Foojan PHP Weblog Information Disclosure - Refferer Html Injection

ali202_at_fastermail.com
Date: 08/24/05

Next message: Allen Parker: "Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users"

Previous message: Sowhat .: "LeapFTP .lsq Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 24 Aug 2005 10:57:53 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is) Vendor : http://foojan.soltoononline.com
A complete Persian PHP Weblog (WMS)

Example Information Disclosure:
http://[target]/[foojan]/adminmodules/daylinks/index.php
http://[target]/[foojan]/index.php?daylinkspage=-1

Refferer Html Injection

Where : in gmain.php

$Weblog-> query ("INSERT INTO `visits` ( `id` , `ip` , `refferer` , `date` , `time` )
VALUES (
'', '".$_SERVER['HTTP_USER_AGENT']."', '".$_SERVER['HTTP_REFERER']."', '$num', '$num2'
);");

So Attacker Can Inject HTML code in refferer field with HTTP HEADER and it will be executed in the index.php and admin.php .

Next message: Allen Parker: "Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users"

Previous message: Sowhat .: "LeapFTP .lsq Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]