Icy Phoenix 1.3.0.53a HTTP Referer stored XSS

2011-02-21T00:00:00
ID 1337DAY-ID-15403
Type zdt
Reporter Saif
Modified 2011-02-21T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS
# Google Dork: " Powered by Icy Phoenix <http://www.icyphoenix.com/>"
# Date: 16-2-2011
# Author: Saif El-Sherei
# Software Link: http://www.icyphoenix.com/dload.php?action=file&file_id=171
# Version: Icy Phoenix 1.3.0.53a
# Tested on:FF 3.0.15, IE 8
# Vendor Response:
http://www.icyphoenix.com/viewtopic.php?f=1&p=51700#p51700
 
Info:
 
Icy Phoenix is a CMS based on phpBB (a fully scalable  and highly
customisable open-source Bulletin Board
package PHP based) plus many modifications and code integrations which add
flexibility to the whole package. The official home page for phpBB is
www.phpbb.com. Icy Phoenix has some features originally developed for phpBB
XS Project which has been founded by Bicet and then developed by both Bicet
and Mighty Gorgon. Icy Phoenix has been created by Mighty Gorgon after he
left the phpBB XS Project.
 
Details:
 
there is a stoed XSS Vulnerability using http referer HTTP header due to
failure in "index.php" in the acp to sanitize the http referer header any
visitor to the site can comprmise the admin account or any user with
privileges to see the "http referrers" section under the "Info" section. an
attacker has to use an intrcepting proxy or manual server requests to add
the " HTTP referer header" containing the POC to the server request.
 
POC:
 
<script>alert("XSS");</script>



#  0day.today [2018-04-13]  #