Home / exploits FreeDiscussionForums v1.0 Multiple Remote Vulnerabilities
Posted on 14 September 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>FreeDiscussionForums v1.0 Multiple Remote Vulnerabilities</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>========================================================= FreeDiscussionForums v1.0 Multiple Remote Vulnerabilities ========================================================= Title : FreeDiscussionForums Multiple Remote Vulnerabilities Affected Version : Free Discussion Forum 1.0 Discovery : www.abysssec.com Vendor : http://www.freediscussionforums.net Download Links : http://sourceforge.net/projects/discusionforum/ Admin Login : http://Example.com/adminlogin.aspx Description : =========================================================================================== This version of FreeDiscussionForums have Multiple Valnerabilities : 1- Access to Admin's Section 2- Persistent XSS Access to Admin's Section: =========================================================================================== With this path you can easily access to Admin's section: http://Example.com/ManageSubject.aspx Valnerable Code : DLL : App_Web_wngcbiby.dll Class : Class adminlogin protected void Button1_Click(object sender, EventArgs e) { ... if ((this.txtUserName.Text.Trim() == str) && (this.txtPassword.Text.Trim() == str2)) { this.Session["User"] = "admin"; base.Response.Redirect("ManageSubject.aspx"); } } Persistent XSS: =========================================================================================== in this application also there is a Persistent XSS exist in title field. Valnerable Code : DLL : App_Web_wngcbiby.dll Class : Class AddPost protected void Page_Load(object sender, EventArgs e) { if (base.Request.QueryString["forumId"] != null) { this.forumId = Convert.ToInt32(base.Request.QueryString["forumId"]); } if (base.Request.QueryString["title"] != null) { this.title = Common.ReplaceString(base.Request.QueryString["title"].ToString().Trim()); } ... } =========================================================================================== # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-14]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
