XSS bugs and SQL injection in sNews

2006.02.15

Credit: Alexander Hristov

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-0716

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Official page : http://www.solucija.com/home/snews/
XSS in comments :
just post some comment with <script>alert('XSS TEST by
securitydot.net');</script>
FIX : put this on 423 line
$r = str_replace ("<","<",$r);
$r = str_replace (">","&lg",$r);
Injection through categories : index.php?category=1%20or%201=2
FIX : put this on 313 line
if (ereg('^[0-9]*$' , $category))
Injection through id : index.php?id=0%20or%201=2
FIX : put this on 175 line
if (ereg('^[0-9]*$' , $id)) {
--
Securitydot.net
joffer and DrFrancky

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

XSS bugs and SQL injection in sNews

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.