bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/16199.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

33 lines
No EOL
1.4 KiB
Text
Raw Blame History

# Exploit Title: Icy Phoenix 1.3.0.53a http referer stored XSS
# Google Dork: " Powered by Icy Phoenix <http://www.icyphoenix.com/>"
# Date: 16-2-2011
# Author: Saif El-Sherei
# Software Link: http://www.icyphoenix.com/dload.php?action=file&file_id=171
# Version: Icy Phoenix 1.3.0.53a
# Tested on:FF 3.0.15, IE 8
# Vendor Response:
http://www.icyphoenix.com/viewtopic.php?f=1&p=51700#p51700
Info:
Icy Phoenix is a CMS based on phpBB (a fully scalable and highly
customisable open-source Bulletin Board
package PHP based) plus many modifications and code integrations which add
flexibility to the whole package. The official home page for phpBB is
www.phpbb.com. Icy Phoenix has some features originally developed for phpBB
XS Project which has been founded by Bicet and then developed by both Bicet
and Mighty Gorgon. Icy Phoenix has been created by Mighty Gorgon after he
left the phpBB XS Project.
Details:
there is a stoed XSS Vulnerability using http referer HTTP header due to
failure in "index.php" in the acp to sanitize the http referer header any
visitor to the site can comprmise the admin account or any user with
privileges to see the "http referrers" section under the "Info" section. an
attacker has to use an intrcepting proxy or manual server requests to add
the " HTTP referer header" containing the POC to the server request.
POC:
<script>alert("XSS");</script>
Reference in a new issue View git blame Copy permalink