| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 9 Nov 2006 17:05:41 -0000 From: saps.audit@...il.com To: bugtraq@...urityfocus.com Subject: bitweaver <=1.3.1 [injection sql (post) & xss (post)] bitweaver <=1.3.1 [injection sql (post) & xss (post)] vendor site: http://www.bitweaver.org/ product :bitweaver 1.3.1 bug:injection sql post & multiples xss post risk : high severals juicy sql error can be found in the sort_mode var , sql (get) : http://localhost/bitweaver/blogs/list_blogs.php?sort_mode=-98 http://localhost/bitweaver/fisheye/list_galleries.php?sort_mode=-98 http://localhost/bitweaver/fisheye/index.php?sort_mode=-98 http://127.0.0.1/bitweaver/wiki/orphan_pages.php?sort_mode=-98 http://127.0.0.1/bitweaver/wiki/list_pages.php?find=&sort_mode=-98 injection sql (post) : path : http://site.com/bitweaver/newsletters/edition.php Variables: bitweaver/newsletters/edition.php?tk=[SQL]&find=1&search=suchen XSS post : http://localhost/bitweaver/articles/edit.php ===> xss post in message title ( submit article ) http://localhost/bitweaver/blogs/post.php ==> xss post in message title ( blog ) http://localhost/bitweaver/wiki/edit.php?page=SandBox ==> xss post in message description ( wiki ) those xss are pretty dangerous , like in submit article , wich is only viewed by an administrator , to approve the submitted article, so he can easly get his cookie stealed . laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@...il.com
Powered by blists - more mailing lists