MOAUB #14 - FreeDiscussionForums v1.0 Multiple Remote Vulnerabilities
2010-09-14 18:15:16'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ <
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
http://www.exploit-db.com/moaub-14-freediscussionforums-multiple-remote-vulnerabilities/
'''
Abysssec Inc Public Advisory
Title : FreeDiscussionForums Multiple Remote Vulnerabilities
Affected Version : Free Discussion Forum 1.0
Discovery : www.abysssec.com
Vendor : http://www.freediscussionforums.net
Download Links : http://sourceforge.net/projects/discusionforum/
Admin Login : http://Example.com/adminlogin.aspx
Description :
===========================================================================================
This version of FreeDiscussionForums have Multiple Valnerabilities :
1- Access to Admin's Section
2- Persistent XSS
Access to Admin's Section:
===========================================================================================
With this path you can easily access to Admin's section:
http://Example.com/ManageSubject.aspx
Valnerable Code :
DLL : App_Web_wngcbiby.dll
Class : Class adminlogin
protected void Button1_Click(object sender, EventArgs e)
{
...
if ((this.txtUserName.Text.Trim() == str) && (this.txtPassword.Text.Trim() == str2))
{
this.Session["User"] = "admin";
base.Response.Redirect("ManageSubject.aspx");
}
}
Persistent XSS:
===========================================================================================
in this application also there is a Persistent XSS exist in title field.
Valnerable Code :
DLL : App_Web_wngcbiby.dll
Class : Class AddPost
protected void Page_Load(object sender, EventArgs e)
{
if (base.Request.QueryString["forumId"] != null)
{
this.forumId = Convert.ToInt32(base.Request.QueryString["forumId"]);
}
if (base.Request.QueryString["title"] != null)
{
this.title = Common.ReplaceString(base.Request.QueryString["title"].ToString().Trim());
}
...
}
===========================================================================================
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.