Foojan PHP Weblog Information Disclosure - Refferer Html Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Foojan PHP Weblog Information Disclosure - Refferer Html Injection
From: ali202@xxxxxxxxxxxxxx
Date: 24 Aug 2005 10:57:53 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Vendor : http://foojan.soltoononline.com
A complete Persian PHP Weblog (WMS)


Example Information Disclosure:
http://[target]/[foojan]/adminmodules/daylinks/index.php
http://[target]/[foojan]/index.php?daylinkspage=-1


Refferer Html Injection

Where : in gmain.php

$Weblog-> query ("INSERT INTO `visits` ( `id` , `ip` , `refferer` , `date` , 
`time` ) 
VALUES (
'', '".$_SERVER['HTTP_USER_AGENT']."', '".$_SERVER['HTTP_REFERER']."', '$num', 
'$num2'
);");

So Attacker Can Inject HTML code in refferer field with HTTP HEADER and it will 
be executed in the index.php and admin.php .

Prev by Date: LeapFTP .lsq Buffer Overflow Vulnerability
Next by Date: Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
Previous by thread: Re: LeapFTP .lsq Buffer Overflow Vulnerability
Next by thread: unload event in ie/mozilla/opera
Index(es):
- Date
- Thread