PHPX Multiple Vulnerabilities
BID:9569
Info
PHPX Multiple Vulnerabilities
| Bugtraq ID: | 9569 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0248 CVE-2004-0249 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery is credited to Manuel L?pez. |
| Vulnerable: |
PHPX PHPX 3.2.3 |
| Not Vulnerable: |
PHPX PHPX 3.2.4 |
Discussion
PHPX Multiple Vulnerabilities
Multiple vulnerabilities were reported in PHPX. The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies.
These issues were reported to exist in PHPX 3.2.3. Earlier versions are also likely affected.
Multiple vulnerabilities were reported in PHPX. The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies.
These issues were reported to exist in PHPX 3.2.3. Earlier versions are also likely affected.
Exploit / POC
PHPX Multiple Vulnerabilities
There is no exploit required for these issues. The following cross-site scripting examples were provided:
main.inc.php?keywords='><script>alert(document.cookie)</script>
help.inc.php?body='><script>alert(document.cookie)</script>
The following proof of concept has been provided by Ryan Wray for the insecure session id issue:
There is no exploit required for these issues. The following cross-site scripting examples were provided:
main.inc.php?keywords='><script>alert(document.cookie)</script>
help.inc.php?body='><script>alert(document.cookie)</script>
The following proof of concept has been provided by Ryan Wray for the insecure session id issue:
Solution / Fix
PHPX Multiple Vulnerabilities
Solution:
These issues are addressed in PHPX 3.2.4.
PHPX PHPX 3.2.3
Solution:
These issues are addressed in PHPX 3.2.4.
PHPX PHPX 3.2.3
-
PHPX PHPX 3.2.4
http://sourceforge.net/project/showfiles.php?group_id=67670
References
PHPX Multiple Vulnerabilities
References:
References: