[Plugins-writers] Azbb 1.1.00 Cross_Site_Scripting

From: Pi3cH (pi3ch@private)
Date: Sun Jan 22 2006 - 06:49:02 PST


Hi to all,
  this is my first mail.
  I wrote a script for the Azbb 1.1.00 Cross_Site_Scripting vulnerability that was discovered by my teammate at KAPDA.
  Original Advisory: http://kapda.ir/advisory-236.html
  Comments are welcome :)
  
  #
  #  This script was written by Pedram Hayati <pi3ch at kapda dot ir>
  #  (C) KAPDA Computer Security Science Researchers Institute
  #   http://www.kapda.ir
  #
  #  This script is released under the GNU GPL v2
  
  if(description)
  {
    script_version ("$Revision: 1.0 $");
    name["english"] = "Azbb XSS";

    script_name(english:name["english"]);

    desc["english"] = "
  The 'AZ Bulletin Board' PHP is installed. This version is affected by a
  cross-site scripting vulnerability. This issue is due to a failure
  of the application to properly sanitize user-supplied input.
  
  As a result of this vulnerability, it is possible for a remote attacker
  to create a malicious link containing script code that will be executed
  in the browser of an unsuspecting user when followed.
  Original Advisory: http://kapda.ir/advisory-236.html
  Solution : Vendor contacted
  Risk factor : Low";

    script_description(english:desc["english"]);

    summary["english"] = "Checks post.php XSS";

    script_summary(english:summary["english"]);

    script_category(ACT_GATHER_INFO);

    script_copyright(english:"This script is Copyright (C) 2006 Pedram Hayati");

    family["english"] = "CGI abuses : XSS";
    family["francais"] = "Abus de CGI";
    script_family(english:family["english"], francais:family["francais"]);
    script_dependencie("cross_site_scripting.nasl");
    script_require_ports("Services/www", 80);
    exit(0);
  }
  
  #
  # The script code starts here
  #
  
  include("http_func.inc");
  include("http_keepalive.inc");
  
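  port = get_http_port(default:80);

  if (!get_port_state(port)) exit(0);

  # Skip servers already flagged as generically prone to XSS.
  if (get_kb_item("www/" + port + "/generic_XSS")) exit(0);

  foreach dir (cgi_dirs())
  {
    # Single-quoted string, so the double quotes in the probe need no escaping;
    # the space before [XSS] is sent as %20 to keep the request line well-formed.
    req = string(dir, '/post.php?topic=>"<br><iframe%20src=javascript:alert()><br>"%20[XSS]');
    req = http_get(item:req, port:port);
    r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);
    if (r == NULL) exit(0);
    # Escaped parentheses match a literal "alert()" instead of an empty regex group.
    if (egrep(pattern:"javascript:alert\(\)", string:r))
    {
      security_warning(port);
      exit(0);
    }
  }
  exit(0);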
  


Pi3cH(Pedram Hayati)
http://www.KAPDA.ir
<Computer Security Science Researchers Institute>
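
The reflection check in a plugin like the one above depends on how the response pattern is written. The following is an added example, not part of the original post or of Nessus: it compares a pattern with unescaped parentheses against a literal match of the injected tag. Python's re module stands in for NASL's egrep (an assumption), and the sample responses are constructed.

```python
import html
import re

# The probe as the application sees it after URL decoding (%20 becomes a space).
PROBE = '>"<br><iframe src=javascript:alert()><br>"'

# Unescaped "()" is an empty regex group, so this matches any "javascript:alert".
LOOSE = re.compile(r"javascript:alert()")
# Literal match of the whole injected tag, angle brackets included.
STRICT = re.compile(re.escape("<iframe src=javascript:alert()>"))


def loose_match(body):
    """True if the body contains 'javascript:alert' anywhere."""
    return LOOSE.search(body) is not None


def strict_match(body):
    """True only if the injected tag came back without HTML encoding."""
    return STRICT.search(body) is not None


# Constructed sample response bodies (not captured from a real server).
SAMPLES = {
    # Input echoed verbatim: the page is vulnerable.
    "raw_reflection": "<input name=topic value=" + PROBE + ">",
    # Input echoed after HTML encoding: the page is not vulnerable.
    "encoded_reflection": "<input name=topic value=" + html.escape(PROBE) + ">",
    # Page that never saw the probe but has its own javascript: link.
    "unrelated_page": '<a href="javascript:alert(1)">help</a>',
}


def classify(samples=SAMPLES):
    """Map each sample name to (loose_result, strict_result)."""
    return {name: (loose_match(body), strict_match(body))
            for name, body in samples.items()}


if __name__ == "__main__":
    for name, (loose, strict) in classify().items():
        print(f"{name:20} loose={loose!s:5} strict={strict}")
```

Only the verbatim reflection satisfies the strict check; the loose pattern also reports the encoded and unrelated pages, which would be false positives in a scan report.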
		


_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers


