lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 24 Feb 2007 22:41:37 -0000 From: simon.itsecurity@...il.com To: bugtraq@...urityfocus.com Subject: SQLiteManager v1.2.0 Multiple Vulnerabilities SQLiteManager v1.2.0 Multiple Vulnerabilities ------------------------------------------------------- vendor : http://www.sqlitemanager.org/ Global risk : High ------------------------------------------------------- SQLite is a SQL managed portal like PhpMyAdmin. Multiple Cross Scripting Vulnerabilities ----------------------------------------- In main.php the database name field is vulnerable to a XSS attack. This xss is permanent, if a user with restricted rights creates a table with as name a malicious code the administrator gone get his cookie stealed when he opens SqliteManager's index. The same things happens for the table's name field if a malicious code is inserted. The solution is then to use htmlentities(). others vulnerables fields to XSS attacks : main.php : ............... ViewName ............... view ............... trigger ............... function ............... (...) Theses vulnerabilities are presents in others pages too. Here too the better solution is to use htmlentities(). reference : www.php.net/htmlentities Locale File Include ------------------- GET /home/sqlite/ HTTP/1.0 [...] Cookie: PHPSESSID=[...];SQLiteManager_currentTheme=../../../../../../../../../../../../../etc/passwd%00; SQLiteManager_currentLangue=deleted SQLiteManager_currentTheme variable is vulnerable. This request will returns the /etc/passwd file. This vulnerability is dangerous, indeed a user with restricted access to SqliteManage could get non-authorized files. Regards, Simon Bonnard - 24/02/2007 Contact : simon.itsecurity[at]gmail[dot]com
Powered by blists - more mailing lists