Theeta CMS 0.01 Cross Site Scripting, SQL Injection

2010-04-22 / 2010-04-23
Credit: c0dy
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79
CWE-89

######################################################### # [#] Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities # # [#] Discovered By c0dy # # [#] http://r00tDefaced.net # # [#] Greetz: sHoKeD-bYte, syst0x1c & r00tDefaced Members # #### # # [1]-Cross Site Scripting # # Vulnerability Description: # Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code #injection by malicious web users into the web pages viewed by other users. # # Affected items: # http://127.0.0.1/community/thread.php?start=[XSS] # http://127.0.0.1/community/thread.php?forum=[XSS] # http://127.0.0.1/community/thread.php?cat=[XSS] # http://127.0.0.1/community/forum.php?start=[XSS] # http://127.0.0.1/community/forum.php?cat=[XSS] # http://127.0.0.1/blog/index.php?start=[XSS] # # # Exemple: <script>alert(document.cookie)</script> # # The Risk: # By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies. # # Fix the vulnerability: # * Encode output based on input parameters. # * Filter input parameters for special characters. # * Filter output based on input parameters for special characters... # ################################################################# # # [2]-SQL injection # # Vulnerability Description: # SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed. # # Affected items: # http://127.0.0.1/community/forum.php?start=[SQL Injection] # http://127.0.0.1/community/thread.php?start=[SQL Injection] # http://127.0.0.1/blog/index.php?start=[SQL Injection] # # Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)] # # The Risk: # By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database. # # Fix the vulnerability: # To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used #(preferred), or user input must be carefully escaped or filtered. # ################################################################# ################################################################# # r00tDefaced [2009-12-01]

References:

http://www.securityfocus.com/archive/1/archive/1/508148/100/0/threaded
http://secunia.com/advisories/37529
http://packetstormsecurity.org/0912-exploits/theeta-sqlxss.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top