Fashion N' Fusker V1.0 script is based on Fusker Technologies which use PHP & MySQL. According to Wikipedia "Fusker can be a verb, a noun that describes a technology for the web, or a noun that describes the output web page of that technology. As a verb, "to fusker" is to identify a range of images to a fusker script that returns a web page that displays all of the images within the range."

 

The official site of this script is http://www.fashionsansar.com and I have installed the same script there.

Please review it from your side. And if you have any comments, any bugs, or any feature to be added please post it here, PM me or use the contact form from the above site.

 

Thanks

Array:

http://www.fashionsansar.com/fas_fusk/tag_search.php?q[]

 

Cross Site Scripting:

http://www.fashionsansar.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.fashionsansar.com/fas_fusk/do_add_fusker.php?url="onmouseover=alert('vulnerable')

 

Cross Site Scripting:

http://www.fashionsansar.com/fas_fusk/image_view.php?id="onmouseover=alert('vulnerable')

 

Cross Site Scripting:

http://www.fashionsansar.com/fas_fusk/tag_search.php?q=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if you submit a search that contains code.

 

Cross Site Scripting:

There is Cross Site Scripting if you submit a URL that contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on multiple pages if the URL contains ?">code.

 

Full Path Disclosure:

http://www.fashionsansar.com/?page='

 

Full Path Disclosure:

http://www.fashionsansar.com/cgi-sys/scgiwrap/

 

Full Path Disclosure:

http://www.fashionsansar.com/fas_fusk/tag_search.php?page='

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/fasnsan/public_html/fas_fusk/tag_search.php on line 81

 

Full Path Disclosure:

http://www.fashionsansar.com/fas_fusk/tag_search.php?page=99999999999

 

Full Path Disclosure:

http://www.fashionsansar.com/fas_fusk/tag_search.php?q[]

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/fasnsan/public_html/fas_fusk/tag_search.php on line 81

 

MySQL error with Full Path Disclosure on this page: http://www.fashionsansar.com/fas_fusk/tag_search.php?page='

 

the bug is fixed

 

no it's still vulnerable:

http://www.fashionsansar.com/fas_fusk/tag_search.php?page=99999999999

 

This bug as well as bug in http://www.fashionsansar.com/index.php?page=99999999999 has been fixed

This page is still vulnerable in browsers that don't filter the URL (like Internet Explorer 6)

 

Actually EVERY page on the site is vulnerable.

 

POC:

In IE6, add this code onto the end of any page's URL:

?"><marquee><h1>vulnerable<a

 

SecFilter has been modified on modsecurity to fix the possible XSS vulnerability.

You can't run code on the pages anymore, but you can still write text on the pages in IE6 with:

?">text

 

mmm ya but is there any other way to disable it???

I am not sure regarding it..

 

The problem is with the ? icon. The other icons aren't vulnerable because they put the URL into the link with location.href. However, the last icon (?) actually writes the URL into the page. In http://fashionsansar.com/index.php?whatever, whatever goes into the source code:

<a rel="nofollow" style="text-decoration:none;" href="http://fashionsansar.com/index.php?whatever" target="_Blank" title="Information" onMouseOver="schnapp('Information','','http://www.social-bookmark-script.de/img/bookmarks/what_trans_ani.gif',1)" onMouseOut="schnipp()" > <img style="padding-bottom:1px;" src="http://www.social-bookmark-script.de/img/bookmarks/what_trans.gif" alt="Information" name="Information" border="0" id="Information"> </a>

 

If whatever is replaced with ">hello

 

<a rel="nofollow" style="text-decoration:none;" href="http://fashionsansar.com/index.php?">hello" target="_Blank" title="Information" onMouseOver="schnapp('Information','','http://www.social-bookmark-script.de/img/bookmarks/what_trans_ani.gif',1)" onMouseOut="schnipp()" > <img style="padding-bottom:1px;" src="http://www.social-bookmark-script.de/img/bookmarks/what_trans.gif" alt="Information" name="Information" border="0" id="Information"> </a>

 

"> closes the tag for the link, and hello and the rest of the link get written onto the page.
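
The attribute breakout explained in the post above, shown next to an encoded version, as an added example that is not part of the original thread or the script's own code. The function names and the example.test URL are assumptions.

```php
<?php
// Added example: function names and the sample URL are constructed.

// Pattern described above: the page URL is concatenated into href as-is.
function info_link_unsafe(string $pageUrl): string
{
    return '<a rel="nofollow" href="' . $pageUrl . '" title="Information">?</a>';
}

// Encode for the HTML attribute context. ENT_QUOTES converts both " and ',
// so the value can no longer terminate the attribute or the tag.
function info_link_safe(string $pageUrl): string
{
    $encoded = htmlspecialchars($pageUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a rel="nofollow" href="' . $encoded . '" title="Information">?</a>';
}

// Parse the markup the way a browser would and report what the link became.
function inspect_link(string $html): array
{
    libxml_use_internal_errors(true);   // collect parser warnings quietly
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $a = $doc->getElementsByTagName('a')->item(0);
    return ['href' => $a->getAttribute('href'), 'text' => $a->textContent];
}

// Constructed input: the query string from the post, as received when the
// browser does not percent-encode it.
$pageUrl = 'http://example.test/index.php?">hello';

foreach (['unsafe' => info_link_unsafe($pageUrl),
          'safe'   => info_link_safe($pageUrl)] as $label => $html) {
    $seen = inspect_link($html);
    printf("%-6s href=%s | text=%s | intact=%s\n", $label, $seen['href'],
        $seen['text'], $seen['href'] === $pageUrl ? 'yes' : 'no');
}
```

The same encoding applies wherever the request URL or a parameter is written into markup, which is why the thread reports the issue on multiple pages.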

 

It's been fixed.

All the above bugs and XSS have been fixed.
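
For the full path disclosure reports earlier in the thread (page=', page=99999999999 and q[]), one way to reject such values before they reach the query and to keep PHP warnings out of the response, as an added example rather than the script's own code. The helper names, the 64-character limit and the page count of 50 are assumptions.

```php
<?php
// Added example: helper names, limits and sample requests are constructed.

// Keep warnings, and the filesystem paths they contain, out of responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// page must be an integer between 1 and the last existing page.
function parse_page($raw, int $lastPage): ?int
{
    if (!is_string($raw)) {
        return null;                       // page[]=... arrives as an array
    }
    $page = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $lastPage]]);
    return $page === false ? null : $page;
}

// q must be one non-empty string; ?q[] makes PHP build an array instead.
function parse_query($raw, int $maxLen = 64): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $q = trim($raw);
    return ($q === '' || strlen($q) > $maxLen) ? null : $q;
}

// Returns the validated parameters, or null when the request should get a
// generic 400 response instead of reaching the database code.
function validate_tag_search(array $get, int $lastPage): ?array
{
    $q = parse_query($get['q'] ?? null);
    $page = parse_page($get['page'] ?? '1', $lastPage);
    return ($q === null || $page === null) ? null : ['q' => $q, 'page' => $page];
}

// Constructed requests using the parameter values reported in the thread.
$samples = [
    ['q' => 'dress', 'page' => "'"],
    ['q' => 'dress', 'page' => '99999999999'],
    ['q' => ['']],
    ['q' => 'dress', 'page' => '2'],
];
foreach ($samples as $get) {
    $ok = validate_tag_search($get, 50);
    echo json_encode($get), ' => ', $ok === null ? 'rejected (400)' : 'accepted', PHP_EOL;
}
```

The warning quoted in the thread appears when a failed query result is passed to mysql_fetch_array(), so the calling code should still check the result before fetching from it.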
