
JAF CMS 4.0 RC1 multiple vulnerabilities



##################################################################################
##                                          ##          _    _  _    _          ##
##   Hacker:  NanoyMaster                   ##       /||  \ | || \  / ||\       ##
##   Exploit: JAF CMS                       ##      / || |\\| ||  \/  || \      ##
##   Version: 4.0 RC1                       ##      \ || | \  || |\/| || /      ##
##                                          ##       \||_|  \_||_|  |_||/       ##
##################################################################################
##   vulnerabilities:   XSS in shoutbox                                         ##
##                      PHP execution                                           ##
##                      XSS in forum                                            ##
##                                                                              ##
##################################################################################
##                             \m/___Props___\m/                                ##
##                                 z3r0phr34k                                   ##
##                               System_Meltdown                                ##
##                              THK-GEO & THK-h3x                               ##
##                             All of Exploitarians                             ##
##################################################################################


//------------------------------------------------------------------------------//
//                                  XSS in shoutbox                             //
//------------------------------------------------------------------------------//

Self-explanatory... in the message body put:

Error:  module/shout/jafshout.php
 Line:  168 - 202

187 - 191 {
$message = preg_replace('/"/','',$_POST['message']);
$message = preg_replace("/>/",">",$_POST['message']);
$message = preg_replace("//",">",$message);
$message = preg_replace("/
  Linux)

You can see how useful this could be ;) possibly overwrite admin/data_inc.php
(where the admin's password hash is) :p

Error: module/shout/jafshout.php
 Line: 168 - 202
Patch: (see above code)


//------------------------------------------------------------------------------//
//                                  XSS in forum                                //
//------------------------------------------------------------------------------//

Self-explanatory... in the message body put:

Error:  module/forum/topicwin.php
 Line:  112 - 123

112 - 117 {
        $n_topic["name"]=$name;
        $n_topic["email"]=$email;
        $n_topic["title"]=$title;
        $n_topic["date"]=$date;
        $n_topic["ldate"]=$date;
        $n_topic["lname"]=$name;
}

Change the relevant lines to look like the following.

112 - 117 {
        $n_topic["name"]=htmlentities($name, ENT_QUOTES);
        $n_topic["email"]=htmlentities($email, ENT_QUOTES);
        $n_topic["title"]=htmlentities($title, ENT_QUOTES);
        $n_topic["date"]=htmlentities($date, ENT_QUOTES);
        $n_topic["ldate"]=htmlentities($date, ENT_QUOTES);
        $n_topic["lname"]=htmlentities($name, ENT_QUOTES);
}
etc etc.
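
The forum patch above encodes each field with htmlentities(..., ENT_QUOTES). The following is an added example (not JAF CMS code and not from the advisory's author) that applies the same encoding through one helper, with an explicit charset and a type check on the input. The function names and the sample submission are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not JAF CMS code. escape_html() and escape_topic_fields()
// are hypothetical helpers; the field names are the ones topicwin.php assigns.

function escape_html(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the result is also safe inside a
    // quoted HTML attribute. ENT_SUBSTITUTE replaces invalid byte sequences
    // instead of making the whole return value an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function escape_topic_fields(array $input): array
{
    $topic = [];
    foreach (['name', 'email', 'title', 'date'] as $field) {
        $raw = $input[$field] ?? '';
        // A parameter sent as name[]=x arrives as an array; drop it rather
        // than passing a non-string to the encoder.
        if (!is_string($raw)) {
            $raw = '';
        }
        $topic[$field] = escape_html($raw);
    }
    // topicwin.php stores the poster and date a second time as the
    // "last post" values, so reuse the already-encoded copies.
    $topic['ldate'] = $topic['date'];
    $topic['lname'] = $topic['name'];
    return $topic;
}

// Constructed sample submission (not taken from the advisory).
$post = [
    'name'  => 'Bob <b>bold</b>',
    'email' => 'bob@example.org" class="x',
    'title' => "It's a 'quoted' title & more",
    'date'  => ['unexpected', 'array'],
];

foreach (escape_topic_fields($post) as $field => $value) {
    echo str_pad($field, 6), ' => ', $value, PHP_EOL;
}
```

Every field goes through the same single encoding call, so no later step can read the raw request value again and bypass an earlier one.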

//------------------------------------------------------------------------------//
//                               End                                            //
//------------------------------------------------------------------------------//
