| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 20 Jul 2005 02:08:10 -0000 From: thegreatone2176@...oo.com To: bugtraq@...urityfocus.com Subject: Multiple Vulnerabilities in PHP Surveyor ----------------------------------------------------------- Multiple Vulnerabilities in PHP Surveyor version 0.98 stable ------------------------------------------------------------ Summary: PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures. Details: root directory -------------- question.php, survey.php, group.php - all give path disclosure admin directory -------------- browse.php - sid, start, and id parametereters all vulnerable to injection and xss, no parametereter gives sql error. dataentry.php - sid sql injection and xss export.php - sid sql injection and xss, no parametereter gives sql error. database.php - straight to page gives path disclosure. dumpquestion.php - qid=' gives multiple path disclosures. admin.php - sid parameter sql injection labels.php - lid parameter sql injection and path disclosure dumplabel.php - lid parameter sql injection and path disclosure sessioncontrol.php - straight to page gives path disclosure html.php - straight to page gives path disclosure conditions.php - no parameter sql error, sql injection on sid parameter spss.php - no parameter sql error, sql inject on sid parameter deletesurvey.php - sql inject with sid when ok=Y dumpsurvey.php - sid sql injection statistics.php - sid sql injection ------------------------------- Solution: Cleanse all user input before processing to stop injections, check to make sure parameters are present before processing to stop sql errors and path disclosure. Credit: tgo thegreatone2176@...oo.com Greets: smooth_operator and zith
Powered by blists - more mailing lists