phpAdultSite CMS flaws

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052513 漏洞类型
发布时间 2008-09-08 更新时间 2008-09-08
CVE编号 CVE-2008-6979
CVE-2008-6980
CVE-2008-6981
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008090019
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Original article:
http://www.davidsopas.com/2008/09/phpadult-cms-exploit/


phpAdultSite CMS is a PHP-based content management system for a adult
pay site that fully supports MySQL. The code, layout, graphics of
phpAdultSite are consistent through every single page of your site.

It costs between $400 to $1100 depending on the license.

I found that this script is vulnerable to a couple of topics. After no
reply of this CMS vendors, send about two emails 1 week ago, I decided
going to full disclosure.

The problem exists on results_per_page variable. If it returns false,
it gives a DB Error output on our browser, showing up path disclosure,
sql statments that may lead to sql injections and also, it executes
XSS attacks.

PoC:

index.php?&results_per_page=50'
index.php?&results_per_page=50"><script
type="text/javascript">alert(/XSS vuln by DavidSopas.com/)</script>

It can be fixed with the sanitize of the variable.