lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050720020810.24925.qmail@securityfocus.com>
Date: 20 Jul 2005 02:08:10 -0000
From: thegreatone2176@...oo.com
To: bugtraq@...urityfocus.com
Subject: Multiple Vulnerabilities in PHP Surveyor


-----------------------------------------------------------
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable 
------------------------------------------------------------

Summary:

PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures.

Details:

root directory
--------------

question.php, survey.php, group.php - all give path disclosure

admin directory
--------------

browse.php - sid, start, and id parametereters all vulnerable to injection and xss, no 

parametereter gives sql error.

dataentry.php - sid sql injection and xss

export.php - sid sql injection and xss, no parametereter gives sql error.

database.php - straight to page gives path disclosure.

dumpquestion.php - qid=' gives multiple path disclosures.

admin.php - sid parameter sql injection

labels.php - lid parameter sql injection and path disclosure

dumplabel.php - lid parameter sql injection and path disclosure

sessioncontrol.php - straight to page gives path disclosure

html.php - straight to page gives path disclosure

conditions.php - no parameter sql error, sql injection on sid parameter

spss.php - no parameter sql error, sql inject on sid parameter

deletesurvey.php - sql inject with sid when ok=Y

dumpsurvey.php - sid sql injection

statistics.php - sid sql injection

-------------------------------


Solution:

Cleanse all user input before processing to stop injections, check to make sure parameters are 
present before processing to stop sql errors and path disclosure.

Credit:

tgo thegreatone2176@...oo.com

Greets:

smooth_operator and zith


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ