Home page logo

fulldisclosure logo Full Disclosure mailing list archives

H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF
From: tHe cReW n0 c0ntend3rs <h4xorcr3w () hotmail com>
Date: Sat, 16 Jun 2007 23:14:32 -0600

I luv u Ms. Phisher u d4 d1am0nds 1n My Ski
h4xorCrew Advirosy 5: Easynews PRO 4.0 XSS and CRSF =================================================== "the game of 
secuirity is like a sord fight you must think furst b4 you m0ve" H-4 h3r3 2 stay cuz we in da h0uz h4xorcewz n da house 
and r4w we g0nna g1v3 1t 2 ya '07 wit no tr1via. w3 g0t da h4x r4p, s0ftw4r3z n 0ur h4ndz turn to d1SaSta, cuz w3 g0t 
sk1lls of da m4$ta. Softwares: Easynews PRO 4.0 Vulnerables funk bies the s1lksh4dow & w3bm1str3ss severety: very high 
risks = 100 ImpaX ==== [1] remotes cookie hijack of it all [2] XSS shell nuff said 
(http://ferruh.mavituna.com/article/?1338) [3] some blog or website to exploit of the CRSF vecotr. [4] both XSS & CRSF 
there is steal of the admin (it below)! XSS ------- Easynews PRO 4.0 is softwares for HTML internet newses posting by 
admin or user with some auth (but not much). Some user may post Cross-Site Scriptings in newses. If done, scriptings 
execute in browser as if trust were true even for scriptings that is not belong of site. Becuase scriptings is stored 
when news is stored, XSS is forever, meaning store newses is likely to malign many users browser. (see below) 1. log in 
2. post in news with news having "Hi Say!<script>alert("PWND!")</script>" 3. news get saved as file.txt in /news folder 
with hazard scriptings 4. user other read news and get scripted Root of cause is no delicate input sifting or no output 
htmls encodings up in there code. CRSF ------- With CRSF, like XSS, virtuall all site on intenet is vulnerables to is 
widespread. It happen here too, but very severes = 100 becuase remotes attack can switch admin pass (n0 kidding ^_^). 
Root of cauz is admin pass can be change with no curent pass as input when chang is make. So html FORM action put up in 
there other place like blog or web app can automatic with javascrip turned on change pass of admin if admin read newses 
while login and fellows the linkage to bad site. Change can be fasters than the cats eye. Notes: becuase XSS and CRSF 
are true together it is possibles to post newses that automatic change admin pass when newses is viewed cuz uv a m4d 
j4v4scr1pt0rs :/ Workaround: No workaround just yet. I sen the coder emale 6 moth aogo. Until then read newses with 
MITM proxy so trap request & response and delette bad stuff each time, ok! Inmportant geetz: 
---------------------------------------------------------- shoutz to alyandon <-- ur so lljk & props to th0ri4n k33p i7 
0n d4 d0wnlow Z4K, I g3tt1n t1r3d uv b4iling U 455 0ut 4g41n. evil4d4msmith y0u d4 CEO 0f gR00v3. Other suxkur cr3ws 
btr step b4k we're d0ing th3 hax. g07 4n APB 0n a k1ll3r MC my 1337 w3bm1st3ss 4nd m3 w3 da Silksh4dow 4n 5he bl0win da 
lid off this 1. d0n7 fr0n7 da dU0 cuz w3 Nv1nc1bl3. 1 L0\/3 j00Z \/\/3B/\/\1$7r3$$ we 1t b4be U n Me 4eva. I m0v3 
m0nt41nZ U d4 l3v3r. ---------------------------------------------------------- 
Make every IM count. Download Windows Live Messenger and join the i’m Initiative now. It’s free.  
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF tHe cReW n0 c0ntend3rs (Jun 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]