Re: xxs in MKPortal M1.1
- From: security@xxxxxxxxxxxxxxxxxxxx
- Date: 28 Sep 2006 20:34:34 -0000
Here is a Fix from me, delete the pmpopup.php, create a new one with this in there:
<?
$m1 = str_replace("%20", " ", $_GET['m1']);
$m2 = str_replace("%20", " ", $_GET['m2']);
$m3 = str_replace("%20", " ", $_GET['m3']);
$m4 = str_replace("%20", " ", $_GET['m4']);
$u1 = $_GET['u1'];
foreach ($_POST AS $key => $val) {
if (${$key} == $val) {
unset (${$key});
}
}
foreach ($_GET AS $key => $val) {
if (${$key} == $val) {
echo "Hacking Attempt logged \n";
unset (${$key});
}
}
foreach ($_COOKIE AS $key => $val) {
if (${$key} == $val) {
unset (${$key});
}
}
$output = "<script language=\"javascript\" type=\"text/javascript\">
<!--
function jump_to_inbox()
{
opener.document.location.href = \"$u1\";
window.close();
}
//-->
</script>
<body>
<table width=\"100%\" height=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"1\" bgcolor=\"#F5F5F5\">
<tr>
<td>
<table align=\"center\" width=\"95%\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\">
<tr>
<td valign=\"top\" width=\"100%\" bgcolor=\"#DFE6EF\" align=\"center\"><br /><strong><font face=\"verdana\" size=\"2\">$m1<a href=$u1 onclick=\"jump_to_inbox();return false;\" target=\"_new\"> $m2</a>$m3</font></strong><br /><br /><font face=\"verdana\" size=\"2\"><a href=\"javascript:window.close();\" >$m4</a></font><br /><br />
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
";
print $output;
?>
MFG
Sourcecode
yet another Exploit Source : http://www.replica-solutions.de
[Perl] my start.pl from the Wapiti HTTP Vuln. Scanner -> http://tinyurl.com/ha6km
Nmap in combination with other Linux tools: http://tinyurl.com/pknlw
- Prev by Date: [ MDKSA-2006:157-1 ] - Updated musicbrainz packages fix buffer overflow vulnerabilities
- Next by Date: [ GLSA 200609-19 ] Mozilla Firefox: Multiple vulnerabilities
- Previous by thread: xxs in MKPortal M1.1
- Next by thread: CORE-2006-0321: AOL ICQ Pro 2003b heap overflow vulnerability
- Index(es):
Relevant Pages
|
