########################################
[+]Phpns News System (shownews.php) Cross Site Scripting Vulnerability
[+]Discovered by ZEROF
[+]Visit: my-exploit.com
[+]Greetz: SETI_Explorer, Gangster, Despot
########################################
[+]Description: Phpns is a free, open-source PHP News System that will enable you to design your website the way you want, and include a dynamic CMS with one line of code.
[+]Download: http://phpns.alecwh.com/downloads.php
[+]Script author: PHPNS by alecwh
Vulnerable C0de in shownews.php:
----------------------------------------
if (!$phpns['do'] && !strstr($_GET['a'], 'page:')) { $phpns['id'] = htmlentities($_GET['a']); }
----------------------------------------
Into the "a" field, an attacker could insert malicious code like <script>alert("Hello n00bs!");</script>
Some protection is already included, just edit shownews.php on line 51!
Find :
$phpns['do'] = htmlentities($_POST['do']);
if (!$phpns['do'] && !strstr($_GET['a'], 'page:')) { $phpns['id'] = htmlentities($_GET['a']); }
$phpns['mode'] = htmlentities($phpns['mode']);
$phpns['offset'] = htmlentities($phpns['offset']);
==================================================================
Edit before :
$phpns = preg_replace('/(?:^|[\r\n]+)([^\r\n]*)(?=[\r\n]+|$)/', "<p>\\1</p>\n", $phpns);
########################################
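
The conditional encoding in the shownews.php line above, next to one way to close the gap. This is an added example, not phpns code and not from the advisory author; the function names and the assumption that "a" holds either a numeric id or "page:<number>" are illustrative, and the $phpns['do'] part of the condition is left out.

```php
<?php
// Added example, not phpns code. Assumption: "a" is either a numeric
// article id or "page:<number>"; adjust the patterns to the real formats.

// Mirrors the check shown above: the value is encoded only when it does
// NOT contain "page:", so a "page:..." value is left untouched by this line.
function id_as_on_page(array $get): ?string
{
    $a = $get['a'] ?? '';
    if (!strstr($a, 'page:')) {
        return htmlentities($a);
    }
    return null; // this line neither encodes nor validates the "page:" case
}

// Hardened form: validate against an allowlist first, reject anything else.
function parse_a(array $get): ?array
{
    $a = $get['a'] ?? '';
    if (!is_string($a)) {
        return null; // a[]=... arrives as an array
    }
    if (preg_match('/\Apage:(\d{1,9})\z/', $a, $m)) {
        return ['mode' => 'page', 'value' => (int) $m[1]];
    }
    if (preg_match('/\A\d{1,9}\z/', $a)) {
        return ['mode' => 'id', 'value' => (int) $a];
    }
    return null;
}

// Encode at the point of output, whatever path the value took.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = ['42', 'page:3', 'page:<b>x</b>', '<i>7</i>'];
foreach ($samples as $s) {
    $parsed = parse_a(['a' => $s]);
    printf("%-28s legacy=%-26s hardened=%s\n",
        e($s),
        var_export(id_as_on_page(['a' => $s]), true),
        $parsed ? $parsed['mode'] . ':' . $parsed['value'] : 'rejected');
}
```

Because parse_a() returns integers only, nothing taken from "a" reaches the page as markup, and e() covers any other value that is echoed.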