lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 16 May 2005 18:29:01 -0000
From: <deluxe@...urity-project.org>
To: bugtraq@...urityfocus.com
Subject: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple
    Vulnerabilities (09.05.05)




[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)

Vendor: JGS-XA
URL: http://www.jgs-xa.de/
Version: <= 3.0.2
Type: SQL-Injections, XSS and Full Path Disclosures

Discovered by deluxe89 and the Security-Project Team



Description:
-------------------------
The JGS-Portal is a high customisable Portal for the Woltlab Burning Board.




SQL-Injections:
-------------------------
/jgs_portal.php?anzahl_beitraege=[SQL-Injection]
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=themen&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=beitrag&month=1&year=1[SQL-Injection]
/jgs_portal_beitraggraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_viewsgraf.php?jahr=1&monat=1&tag=1[SQL-Injection]
/jgs_portal_themengraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_mitgraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_sponsor.php?id=[SQL-Injection]

/jgs_portal_log.php
"Accept-Language"-Header SQL-Injection, the first two chars

JGS-Portal Version <= 3.0.1 SQL-Injection Vulnerability:
/jgs_portal_box.php?id=[SQL-Injection]

Many SQL-Injections are exploitable.



Cross Site Scripting:
-------------------------
You can abuse the SQL-Injections for XSS attacks.




Full Path Disclosures:
-------------------------
/jgs_portal_ref.php
/jgs_portal_land.php
/jgs_portal_log.php
/jgs_portal_global_sponsor.php
/jgs_portal_global.php
/jgs_portal_system.php
/jgs_portal_views.php
/jgs_portal_include/jgs_portal_boardmenue.php
/jgs_portal_include/jgs_portal_forenliste.php
/jgs_portal_include/jgs_portal_geburtstag.php
/jgs_portal_include/jgs_portal_guckloch.php
/jgs_portal_include/jgs_portal_kalender.php
/jgs_portal_include/jgs_portal_letztethemen.php
/jgs_portal_include/jgs_portal_links.php
/jgs_portal_include/jgs_portal_neustemember.php
/jgs_portal_include/jgs_portal_newsboard.php
/jgs_portal_include/jgs_portal_online.php
/jgs_portal_include/jgs_portal_pn.php
/jgs_portal_include/jgs_portal_portalmenue.php
/jgs_portal_include/jgs_portal_styles.php
/jgs_portal_include/jgs_portal_suchen.php
/jgs_portal_include/jgs_portal_team.php
/jgs_portal_include/jgs_portal_topforen.php
/jgs_portal_include/jgs_portal_topposter.php
/jgs_portal_include/jgs_portal_umfrage.php
/jgs_portal_include/jgs_portal_useravatar.php
/jgs_portal_include/jgs_portal_waronline.php
/jgs_portal_include/jgs_portal_woonline.php
/jgs_portal_include/jgs_portal_zufallsavatar.php



Security-Project
-------------------------
Visit www.security-project.org


Powered by blists - more mailing lists