Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-03-09T00:00:00


                                            `New eVuln Advisory:  
ShoutLIVE PHP Code Execution & Multiple XSS Vulnerabilities  
eVuln ID: EV0087  
CVE: CVE-2006-0940 CVE-2006-0941  
Software: ShoutLIVE  
Sowtware's Web Site: http://cynic.x10hosting.com/downloadfile.php?file=phpscripts/ShoutLIVE.zip  
Versions: 1.1.0  
Critical Level: Dangerous  
Type: PHP Code Execution  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
1. PHP Code Execution  
Vulnerable Script: savesettings.php  
All user-defined variables are not sanitized before being written into settings.php  
This can be used to inject arbitrary PHP code.  
System access is possible.  
2. Multiple Cross-Site Scripting  
Vulnerable Script: post.php  
All user-defined variables are not sanitized when posting new message. This can be used to inject arbitrary HTML or JavaScript code.  
Available at: http://evuln.com/vulns/87/exploit.html  
1. PHP Code Execution Example.  
<form method=POST action=http://[host]/savesettings.php>  
<input name=admin_pword value='asd"; [code] $a="'>  
2. Multiple Cross-Site Scripting  
URL: http://[host]/index.php  
First name: [XSS]  
Web Site: javascript:[script]  
Message: [XSS]  
No Patch available.  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services