lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 1 Dec 2009 09:14:06 -0700
From: c0dy@...tDefaced.net
To: bugtraq@...urityfocus.com
Subject: Theeta CMS (Cross Site Scripting,SQL Injection) Multiple
 Vulnerabilities

##################################################################
##################################################################
#          ___   ___  _   _____        __                   _    #
#         / _ \ / _ \| | |  __ \      / _|                 | |   #
#    _ __| | | | | | | |_| |  | | ___| |_ __ _  ___ ___  __| |   #
#   | '__| | | | | | | __| |  | |/ _ \  _/ _` |/ __/ _ \/ _` |   #
#   | |  | |_| | |_| | |_| |__| |  __/ || (_| | (_|  __/ (_| |   #
#   |_|   \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_|   #
#                                                                #
#                                                                #
#                                             +-+-+-+-+          #
#                                             |C|r|e|w|          #
#                                             +-+-+-+-+          #
##################################################################
##################################################################
# [#] Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities  #
# [#] Discovered By c0dy                                         #
# [#] http://r00tDefaced.net                                     #
# [#] Greetz: sHoKeD-bYte, syst0x1c & r00tDefaced Members        #
##################################################################
#
# [1]-Cross Site Scripting
#
# Vulnerability Description:
#               Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code #injection by malicious web users into the web pages viewed by other users.
#
# Affected items:
#          http://127.0.0.1/community/thread.php?start=[XSS] 
#          http://127.0.0.1/community/thread.php?forum=[XSS]
#          http://127.0.0.1/community/thread.php?cat=[XSS] 
#          http://127.0.0.1/community/forum.php?start=[XSS] 
#          http://127.0.0.1/community/forum.php?cat=[XSS]
#          http://127.0.0.1/blog/index.php?start=[XSS]
#
#
# Exemple: <script>alert(document.cookie)</script>             
#
# The Risk:
#     By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.
#
# Fix the vulnerability:
#     * Encode output based on input parameters.
#     * Filter input parameters for special characters.
#     * Filter output based on input parameters for special characters...
#
#################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
#               SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
#          http://127.0.0.1/community/forum.php?start=[SQL Injection] 
#          http://127.0.0.1/community/thread.php?start=[SQL Injection]
#          http://127.0.0.1/blog/index.php?start=[SQL Injection]
# 
# Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]
#
# The Risk:
#     By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database.
#
# Fix the vulnerability:
#     To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################

# r00tDefaced [2009-12-01]

Powered by blists - more mailing lists