Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] phpkit suffers (realy stupid) XSS vuln.

from [Yanosz] Network Security [Permanent Link]
Subject: [Full-Disclosure] phpkit suffers (realy stupid) XSS vuln.
Date: Tue, 30 Mar 2004 22:26:19 +0200 
Software: phpkit
Version: 1.6.03 others are probably affected as well.
Status: Vendor has been notified weeks ago but refuses to answer or take any 
actions.
phpkit[1] is a simple German cms / portal software written in php similar to 
phpbb / phpnuke and is quite popular in Germany. All session information is 
stored in cookies - thus a attacker can easily steal session data or hashed 
passwords.

The forum part has _no_ protection against JavaScript, Object or Java 
injections - all html-tags appear in the victim's browser.

Proof-of-concept code
That's odd - <script... ;)

The source also seems to be vulnerably to SQL-injections - good luck ;)

Workaround: 
Don't use this software. These guys do not seem to know what they are doing.

Keep smiling
yanosz

[1]http://www.phpkit.de
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] phpkit suffers (realy stupid) XSS vuln., Yanosz <=
Previous by Date:  [Full-Disclosure] RE: new internet explorer exploit (was new worm), Drew Copley
Next by Date:  Re: [Full-Disclosure] New Win32 Worm regsvc32.exe offers rootkit features, Elia Florio
Previous by Thread:  [Full-Disclosure] R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities, advisory
Next by Thread:  [Full-Disclosure] MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities, Mandrake Linux Security Team
Indexes:  [Date] [Thread] [Top] [All Lists]