Ezportal/Ztml v1.0 Multiple vulnerabilities

:: Ezportal/Ztml v1.0 Multiple vulnerabilities ::

------------------------------------------------

Software : Ezportal/Ztml

Website  : http://www.ztml.org

Bug Discover : Hessam-x / www.hessamx.net

I. Multiple Cross Site Scripting Vulnerabilities

-------------------------------------------------

Parameters :

About , Again , Lastname , Email , password , album,

id , table , desc , doc , mname , max , htpl ,pheader , & more...

are not properly sanitized in "Index.php".

This can be used to post arbitrary HTML or web script code.

Attacker can be execute this url :

index.php?about=[XSS]

index.php?username=GUEST&again=[XSS]

& ...

II. SQL Injection Vulnerabilities

-------------------------------------------------

Parameters:

about , album , id , use , desc , doc , max , mname , & Other ...

is not properly sanitized before being used in SQL query.

vulnerable Page is : "index.php".

This can be used make any SQL query by injecting arbitrary SQL code.

Attacker can be execute this url :

index.php?about=[SQL Query]&use=ezportal.home.about.this.template

index.php?doc=[SQL Query]&etpl=ezp.home.update.status&ukey=_zdoc.zdoc.group

& other ...

III. Authentication Bypass Vulnerability

-------------------------------------------------

"Administration Area" script has no any authentication.

Any user can get access to administrator's area.Just need to know script name