PHP Code Execution and Multiple XSS in ShoutLIVE

Summary

Vulnerability: PHP Code Execution and Multiple XSS in ShoutLIVE
Discovered: 2006.02.24
Last Update: 2006.03.06 Exploitation code published
ID: EV0087
CVE: CVE-2006-0940 CVE-2006-0941
Risk Level: high
Type: PHP Code Execution
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: ShoutLIVE (http://cynic.x10hosting.com/downloadfile.php?file=phpscripts/ShoutLIVE.zip)
Version: 1.1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

PHP Code Execution found in ShoutLIVE (http://cynic.x10hosting.com/downloadfile.php?file=phpscripts/ShoutLIVE.zip) script.

1. PHP Code Execution

Vulnerable Script: savesettings.php

All user-defined variables are not sanitized before being written into settings.php
This can be used to inject arbitrary PHP code.

System access is possible.

2. Multiple Cross-Site Scripting

Vulnerable Script: post.php

All user-defined variables are not sanitized when posting new message. This can be used to inject arbitrary HTML or JavaScript code.

PoC/Exploit

1. PHP Code Execution Example.

<form method=POST action=http://[host]/savesettings.php>
<input name=admin_pword value='asd"; [code] $a="'>
</form>

2. Multiple Cross-Site Scripting

URL: http://[host]/index.php
First name: [XSS]
Web Site: javascript:[script]
Message: [XSS]

Solution.

Solution for "PHP Code Execution and Multiple XSS in ShoutLIVE" is not available. Check vendor's website for updates.

PHP Code Execution and Multiple XSS in ShoutLIVE

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools