[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050516182901.11075.qmail@www.securityfocus.com>
Date: 16 May 2005 18:29:01 -0000
From: <deluxe@...urity-project.org>
To: bugtraq@...urityfocus.com
Subject: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple
Vulnerabilities (09.05.05)
[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
Vendor: JGS-XA
URL: http://www.jgs-xa.de/
Version: <= 3.0.2
Type: SQL-Injections, XSS and Full Path Disclosures
Discovered by deluxe89 and the Security-Project Team
Description:
-------------------------
The JGS-Portal is a high customisable Portal for the Woltlab Burning Board.
SQL-Injections:
-------------------------
/jgs_portal.php?anzahl_beitraege=[SQL-Injection]
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=themen&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=beitrag&month=1&year=1[SQL-Injection]
/jgs_portal_beitraggraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_viewsgraf.php?jahr=1&monat=1&tag=1[SQL-Injection]
/jgs_portal_themengraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_mitgraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_sponsor.php?id=[SQL-Injection]
/jgs_portal_log.php
"Accept-Language"-Header SQL-Injection, the first two chars
JGS-Portal Version <= 3.0.1 SQL-Injection Vulnerability:
/jgs_portal_box.php?id=[SQL-Injection]
Many SQL-Injections are exploitable.
Cross Site Scripting:
-------------------------
You can abuse the SQL-Injections for XSS attacks.
Full Path Disclosures:
-------------------------
/jgs_portal_ref.php
/jgs_portal_land.php
/jgs_portal_log.php
/jgs_portal_global_sponsor.php
/jgs_portal_global.php
/jgs_portal_system.php
/jgs_portal_views.php
/jgs_portal_include/jgs_portal_boardmenue.php
/jgs_portal_include/jgs_portal_forenliste.php
/jgs_portal_include/jgs_portal_geburtstag.php
/jgs_portal_include/jgs_portal_guckloch.php
/jgs_portal_include/jgs_portal_kalender.php
/jgs_portal_include/jgs_portal_letztethemen.php
/jgs_portal_include/jgs_portal_links.php
/jgs_portal_include/jgs_portal_neustemember.php
/jgs_portal_include/jgs_portal_newsboard.php
/jgs_portal_include/jgs_portal_online.php
/jgs_portal_include/jgs_portal_pn.php
/jgs_portal_include/jgs_portal_portalmenue.php
/jgs_portal_include/jgs_portal_styles.php
/jgs_portal_include/jgs_portal_suchen.php
/jgs_portal_include/jgs_portal_team.php
/jgs_portal_include/jgs_portal_topforen.php
/jgs_portal_include/jgs_portal_topposter.php
/jgs_portal_include/jgs_portal_umfrage.php
/jgs_portal_include/jgs_portal_useravatar.php
/jgs_portal_include/jgs_portal_waronline.php
/jgs_portal_include/jgs_portal_woonline.php
/jgs_portal_include/jgs_portal_zufallsavatar.php
Security-Project
-------------------------
Visit www.security-project.org
Powered by blists - more mailing lists