Foojan PHP Weblog suffers from an injection flaw when trusting an unsanitized HTTP_REFERER payload.
Vendor : https://foojan.soltoononline.com
A complete Persian PHP Weblog (WMS)
Example Information Disclosure:
https://[target]/[foojan]/adminmodules/daylinks/index.php
https://[target]/[foojan]/index.php?daylinkspage=-1
Referer HTML Injection
Where: in gmain.php
// Vulnerable as published: request headers are concatenated into the query unescaped
$Weblog->query("INSERT INTO `visits` ( `id` , `ip` , `refferer` , `date` , `time` )
VALUES (
'', '".$_SERVER['HTTP_USER_AGENT']."', '".$_SERVER['HTTP_REFERER']."', '$num', '$num2'
);");
An attacker can therefore inject HTML code into the refferer field through the HTTP Referer header, and it will be executed in index.php and admin.php.
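
A hardened form of the visit logging above, as an added example that is not Foojan's code or part of the original advisory: it validates the Referer, binds it as a query parameter, and escapes it when rendered. The function names, the in-memory SQLite database, the use of REMOTE_ADDR for the ip column and the sample header values are assumptions made for illustration.

```php
<?php
// Added example, not Foojan code. Assumes PDO with the sqlite driver; the
// table mirrors the column names in the gmain.php query shown above.

// Keep only http(s) URLs of bounded length; anything else is stored as ''.
function normalize_referer(?string $raw): string
{
    $raw = substr(trim((string) $raw), 0, 2048);
    if ($raw === '' || filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $raw : '';
}

// Bound parameters keep header bytes out of the SQL text.
function record_visit(PDO $db, array $server): void
{
    $stmt = $db->prepare(
        'INSERT INTO visits (ip, refferer, date, time) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([
        $server['REMOTE_ADDR'] ?? '',  // assumption: ip holds the client address
        normalize_referer($server['HTTP_REFERER'] ?? null),
        date('Y-m-d'),
        date('H:i:s'),
    ]);
}

// Escape at output time as well: rows written before the fix are still raw.
function render_referer(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (id INTEGER PRIMARY KEY, ip TEXT, refferer TEXT, date TEXT, time TEXT)');

// Constructed sample requests: one ordinary Referer, one carrying markup.
record_visit($db, ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_REFERER' => 'https://example.org/post?id=1']);
record_visit($db, ['REMOTE_ADDR' => '192.0.2.11', 'HTTP_REFERER' => "<b>constructed'markup</b>"]);
// Constructed legacy row, as the unpatched code path would have stored it.
$db->exec("INSERT INTO visits (ip, refferer, date, time) VALUES ('192.0.2.12', '<i>legacy</i>', '', '')");

foreach ($db->query('SELECT refferer FROM visits ORDER BY id') as $row) {
    echo '[' . render_referer($row['refferer']) . "]\n";
}
```

Input validation alone is not a complete fix, since a syntactically valid URL can still contain characters that matter in HTML; the escaping in render_referer is what protects index.php and admin.php when they display stored rows.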