phpadult-sqlxss.txt

08 Sep 2008 00:00:00 Reported by SmOk3
Type: packetstorm
Source: packetstormsecurity.com
12 Views

Vulnerability in phpAdultSite CMS allows XSS and SQL injection attacks through results_per_page variable. Full disclosure after vendor's unresponsiveness.

Original article:
http://www.davidsopas.com/2008/09/phpadult-cms-exploit/

phpAdultSite CMS is a PHP-based content management system for an adult pay site that fully supports MySQL. The code, layout and graphics of phpAdultSite are consistent through every single page of your site.

It costs between $400 and $1100 depending on the license.

I found that this script is vulnerable to a couple of topics. After no reply from this CMS's vendors, having sent about two emails 1 week ago, I decided to go to full disclosure.

The problem exists in the results_per_page variable. If the query built from it fails, a DB Error is printed to the browser, disclosing the server path and the SQL statement (which may lead to SQL injection); the same variable also executes XSS attacks.

PoC:

index.php?&results_per_page=50'
index.php?&results_per_page=50"><script type="text/javascript">alert(/XSS vuln by DavidSopas.com/)</script>

It can be fixed by sanitizing the variable.
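The advisory names the fix ("sanitize the variable") but shows no code. The following is an added example written for this page, not phpAdultSite's own source, which is not public here: a hypothetical pagination handler that exhibits the three defects the advisory describes (raw value interpolated into SQL, DB errors echoed with a path, value reflected unescaped) next to a hardened version. All function, table and column names are assumptions for illustration.

```php
<?php
// Added example (not phpAdultSite's code): a hypothetical pagination handler
// showing the defect class the advisory describes, and a hardened version.
// Table "videos", column "title" and the function names are assumptions.

// --- Vulnerable pattern (illustrative only) ---
// The raw query-string value flows into both the SQL statement and the page
// body, and a DB failure is printed verbatim to the visitor.
function vulnerable_list(mysqli $db): string
{
    $per_page = $_GET['results_per_page'];                     // untrusted, unvalidated
    $result = $db->query("SELECT title FROM videos LIMIT $per_page");
    if ($result === false) {
        // Leaks the failing statement and the server path to the browser
        return 'DB Error: ' . $db->error . ' in ' . __FILE__;
    }
    $out = '';
    while ($row = $result->fetch_assoc()) {
        $out .= '<li>' . $row['title'] . '</li>';
    }
    return $out . "<p>Showing $per_page per page</p>";        // reflected unescaped
}

// --- Hardened version ---
function safe_results_per_page(array $query, int $default = 20, int $max = 100): int
{
    // Accept only a plain decimal integer within bounds; anything else
    // (quotes, markup, an empty or missing value) falls back to the default.
    $v = filter_var($query['results_per_page'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

function hardened_list(mysqli $db, array $query): string
{
    $per_page = safe_results_per_page($query);

    // Bind the value as an integer parameter instead of interpolating it.
    $stmt = $db->prepare('SELECT title FROM videos LIMIT ?');
    if ($stmt === false || !$stmt->bind_param('i', $per_page) || !$stmt->execute()) {
        // Record the real cause server-side; give the visitor nothing that
        // reveals paths or statements.
        error_log('videos list query failed: ' . $db->error);
        return '<p>Listing temporarily unavailable.</p>';
    }
    $out = '';
    $stmt->bind_result($title);
    while ($stmt->fetch()) {
        // Escape every value on output so data cannot inject markup.
        $out .= '<li>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</li>';
    }
    $stmt->close();
    // $per_page is a validated int, so it is safe to echo as-is.
    return $out . '<p>Showing ' . $per_page . ' per page</p>';
}

// Closes the path-disclosure channel even when an unexpected error escapes:
// never render PHP/DB errors to visitors; log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
```

Each of the advisory's three symptoms maps to one change: integer validation plus a bound parameter removes the SQL injection surface, the generic error page with server-side logging removes the path and statement disclosure, and `htmlspecialchars` on output removes the XSS. For detection, requests whose `results_per_page` value is not a bare integer (quotes, `<`, `>` or `%3C`) are a useful web-log signal that this parameter is being probed.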

Vulners AI Score: 7.4 (High risk)