[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] phpAdultSite CMS flaws

To: submit@xxxxxxxxxxx, vuldb@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx
Subject: [Full-disclosure] phpAdultSite CMS flaws
From: SmOk3 <smok3f00@xxxxxxxxx>
Date: Sun, 7 Sep 2008 18:20:20 +0100

Original article:
http://www.davidsopas.com/2008/09/phpadult-cms-exploit/


phpAdultSite CMS is a PHP-based content management system for a adult
pay site that fully supports MySQL. The code, layout, graphics of
phpAdultSite are consistent through every single page of your site.

It costs between $400 to $1100 depending on the license.

I found that this script is vulnerable to a couple of topics. After no
reply of this CMS vendors, send about two emails 1 week ago, I decided
going to full disclosure.

The problem exists on results_per_page variable. If it returns false,
it gives a DB Error output on our browser, showing up path disclosure,
sql statments that may lead to sql injections and also, it executes
XSS attacks.

PoC:

index.php?&results_per_page=50'
index.php?&results_per_page=50"><script
type="text/javascript">alert(/XSS vuln by DavidSopas.com/)</script>

It can be fixed with the sanitize of the variable.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ GLSA 200809-06 ] VLC: Multiple vulnerabilities
Next by Date: Re: [Full-disclosure] McKinnon a 'scapegoat for Pentagon insecurity'
Previous by thread: [Full-disclosure] [ GLSA 200809-06 ] VLC: Multiple vulnerabilities
Next by thread: Re: [Full-disclosure] n3td3v's dick is bigger than Gadis WAS: Google Chrome Browser Vulnerability
Index(es):
- Date
- Thread