SecurityvulnsSECURITYVULNS:DOC:22854Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
##################################################################
##################################################################
___ ___ _ _____ __ _
/ _ \ / _ \| | | __ \ / _| | |
_ __| | | | | | | |_| | | | __| | __ _ ___ ___ __| |
| '__| | | | | | | __| | | |/ _ \ _/ _` |/ __/ _ \/ _` |
| | | || | || | || |__| | __/ || (| | (| __/ (| |
|| \/ \/ \|/ \|_| \,|\\|\,_|
±±±±+
|C|r|e|w|
±±±±+
##################################################################
##################################################################
[#] Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
[#] Discovered By c0dy
[#] http://r00tDefaced.net
[#] Greetz: sHoKeD-bYte, syst0x1c & r00tDefaced Members
##################################################################
[1]-Cross Site Scripting
Vulnerability Description:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications
which allow code #injection by malicious web users into the web pages viewed by other users.
Affected items:
http://127.0.0.1/community/thread.php?start=[XSS]
http://127.0.0.1/community/thread.php?forum=[XSS]
http://127.0.0.1/community/thread.php?cat=[XSS]
http://127.0.0.1/community/forum.php?start=[XSS]
http://127.0.0.1/community/forum.php?cat=[XSS]
http://127.0.0.1/blog/index.php?start=[XSS]
Exemple: <script>alert(document.cookie)</script>
The Risk:
By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.
Fix the vulnerability:
* Encode output based on input parameters.
* Filter input parameters for special characters.
* Filter output based on input parameters for special characters…
#################################################################
[2]-SQL injection
Vulnerability Description:
SQL injection is a code injection technique that exploits a security vulnerability occurring in the
database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string
literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
Affected items:
http://127.0.0.1/community/forum.php?start=[SQL Injection]
http://127.0.0.1/community/thread.php?start=[SQL Injection]
http://127.0.0.1/blog/index.php?start=[SQL Injection]
Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]
The Risk:
By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the
database.
Fix the vulnerability:
To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized
statements must be used #(preferred), or user input must be carefully escaped or filtered.
#################################################################
#################################################################