Some other exploits at PhoenixPHP

[Merijn]

Ohai.
Before you give a feedback, think wise. Some kids don't understand php. Otherwise, this will be easy to fix for everybody. It are simple Persist Cross-site-scripting Injections.


The non-persist (Clientside)
Change you're mission. Just try to put in:

<script>alert('lol')</script>

How to fix?
Open me.php, and search for:

<div class="Usersmotto"

The code that you found. Well, let's replace it with:

<div class="Usersmotto" style="min-width:200px; min-height:30px;"><?php echo .$core->EscapeString($users->UserInfo($username, 'motto')); ?></div>

Cross-site-scripting at staff.php
You are a Staff Member? Okay, then you can do this. Again edit you're motto. and write something like this:

PHP Code:

<script>alert('lolwut?')</script> 


And enter. Now go to the Staff Page. And you will see there will be a alert.

How to fix?
Go to staff.php

Search for:

PHP Code:

<div class="Usersmotto"><?php echo $staff['motto']; ?></div>

And replace that with:

PHP Code:

<div class="Usersmotto"><?php echo .$core->EscapeString($staff['motto'] ); ?></div>

Okay, the last Cross-site-scripting leak is in home.php

Let's say, you make a room. Just rename you're room in something like this

PHP Code:

<script>window.location="URL HERE!"</script> 


Go to you're homepage. And you will see that the page is redirected.

Fix:
Openhome.php

Well, now search for:

PHP Code:

<strong><?php echo $userroom['caption']; ?></strong><br /><br />

And replace it with:

PHP Code:

<strong><?php echo .$core->EscapeString($userroom['caption'] ); ?></strong><br /><br />

Okay, goodluck with this.

Cya.

[MentaL]

[Spheral]

Awright, thanks, this seems interesting and helpful.

[Joopie]

Most people don't know that Cross-site-scripting Injections are possible in client x]

[Merijn]

Most people don't know that Cross-site-scripting Injections are possible in client x]

Now they know it is possible.

[Phosfor]

Thanks !

[Merijn]

Thanks !

But strangely my page become blacnk u_U,
i don't understand why ^^

Just try it again. Maybe you did something wrong in you're script.

[Phosfor]

Just try it again. Maybe you did something wrong in you're script.

Well, sorry^^

Thanks dude !

Usefull :p

[keven007]

Nice merijn, goodjob!

[azaidi]

Can someone find the exploit where I get hacked with the whole time on hablow.dyndns.org please?

[rory129]

The moto one is on ubercms aswell.
Yu enter into the moto then reload the page and it does it everytime,

[Papercup]

Wow, I wonder if one day it will actulley be safe to run PhoenixPHP... (Nah, That will never happen)

[azaidi]

Wow, I wonder if one day it will actulley be safe to run PhoenixPHP... (Nah, That will never happen)

I won't stop editing PhoenixPHP untill that's possible..
So if I can get some support it'll be possible.

[Law]

The alerts will only be displayed for the user himself, without the staff page one. there it will be displayed for everyone visiting. :P

[Joopie]

..., After fixing some XSS and SQLi injections is PhoenixPHP `safe`?

Just by putting this:

PHP Code:

foreach ($_POST as $key => $value){ $_POST[$key] = FilterFunction($value); }
foreach ($_GET as $key => $value){ $_GET[$key] = FilterFunction($value); } 


Into an global file and it's done. x]

Edit: Then stil to filter some database output saved from the client x]

[Pookie]

Thanks.

[Merijn]

You're all welcome. Glad to see that i'm helping. Actually; Will find more, and more. And more exploits. Fix it all for you.