[webapps / 0day] - LightNEasy 3.2.2 XSS Session Hijack and Credential Disclosure
Posted on 20 December 2010
=============================================================
LightNEasy 3.2.2 XSS Session Hijack and Credential Disclosure
=============================================================

# Author: [Psybersiako[at]gmail[dot]com]
# Software Link: [http://www.lightneasy.org/]
# Version: [3.2.2]
# Platform: Independent
# Category: [Webapps - remote - XSS - 0day]
# D0rk: "Powered by LightNEasy Content Manager - LightNEasy 3.2.2"

LightNEasy is not only a CMS: it actually creates plain, pure web pages for your whole website, making it SEO friendly and fast loading. Each time you add a page or alter the menus, it regenerates all pages again so that they remain fully integrated.

Search engines, like Google, prefer simple HTML or PHP pages and simple links to follow from page to page. LightNEasy in fact generates all the pages of your website, and what search engines find is a series of pure pages that link to other pages, instead of some fancy PHP scripts and strange URLs. LightNEasy was created for developing and maintaining private or small commercial websites. Depending on your programming skills, however, LightNEasy can be the framework of virtually any website.

LightNEasy version 3.2.2 is vulnerable to XSS in the comments section of /news.php. User comments are not sanitized.

# Code:
http://localhost/LNE_3_2_2/news.php
# Fill in the form on news.php:
Your name:    Test
Your e-mail:  test@test.com
Your comment: [XSS]

LightNEasy stores the username in the cookie, together with the SHA-1 hash of the password and the session data. This can be used to hijack the session of any user; if the user has logged out, the cookie can still be used to extract the username and password hash.

## Shoutz: TimQ - Carb0n - JonhyK - Hackhound.org

# 1337db.com [2010-12-20]
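The two weaknesses the advisory describes, each placed next to a hardened version, as an added PHP example that is not LightNEasy's own code; the function names, cookie names and the sample comment are assumptions constructed for illustration.

```php
<?php
// Added example, not LightNEasy's code: unsafe pattern beside its hardened form.

// Escape a string for insertion into HTML element content or a quoted attribute.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Weakness 1 (stored XSS): comment fields are interpolated into the page verbatim.
function render_comment_unsafe(array $c): string {
    return "<p><b>{$c['name']}</b> ({$c['email']}): {$c['comment']}</p>\n";
}

// Hardened: every user-controlled field is encoded for the HTML context it lands in.
function render_comment_safe(array $c): string {
    return '<p><b>' . esc($c['name']) . '</b> (' . esc($c['email']) . '): '
         . esc($c['comment']) . "</p>\n";
}

// Weakness 2 (credential disclosure): the cookie carries the username and a SHA-1
// password hash, so any script that can read document.cookie obtains credentials.
function set_auth_cookie_unsafe(string $user, string $password): void {
    setcookie('lne_auth', $user . ':' . sha1($password));
}

// Hardened: the cookie holds only an opaque random session id, flagged HttpOnly so
// injected script cannot read it; the id-to-user mapping stays server side. The
// password itself is verified beforehand with password_verify() against a
// password_hash() value in the user store, and never leaves the server.
function set_auth_cookie_safe(string $user, array &$sessions): string {
    $sid = bin2hex(random_bytes(32));
    $sessions[$sid] = ['user' => $user, 'created' => time()];
    setcookie('lne_sid', $sid, [
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    return $sid;
}

// Constructed sample comment carrying a harmless XSS probe.
$comment = ['name' => 'Test', 'email' => 'test@test.com',
            'comment' => '<script>alert(1)</script>'];

$sessions = [];
set_auth_cookie_safe('admin', $sessions);            // cookies go out before any output
echo "unsafe: ", render_comment_unsafe($comment);    // script element reaches the browser
echo "safe:   ", render_comment_safe($comment);      // &lt;script&gt; shown as text
```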