Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11441
HistoryFeb 15, 2006 - 12:00 a.m.

XSS bugs and SQL injection in sNews

2006-02-1500:00:00
vulners.com
8

Official page : http://www.solucija.com/home/snews/

XSS in comments :

just post some comment with <script>alert('XSS TEST by
securitydot.net');</script>

FIX : put this on 423 line
$r = str_replace ("<","&lt",$r);
$r = str_replace (">","&lg",$r);

Injection through categories : index.php?category=1%20or%201=2

FIX : put this on 313 line
if (ereg('^[0-9]*$' , $category))

Injection through id : index.php?id=0%20or%201=2

FIX : put this on 175 line
if (ereg('^[0-9]*$' , $id)) {


Securitydot.net
joffer and DrFrancky