| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 19 Dec 2006 13:52:41 -0000 From: filip.palian@...stk.edu.pl To: bugtraq@...urityfocus.com Subject: Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo. Description: ============ Multiple XSS and SQL injection vulnerabilities were found in Inetmedia's web services cityinfo.pl and cityaz.de, which my be exploited by attackers to gain confidential information and/or modify datebase. These flaws are due to PHP programming mistakes in: "http://users.[CITY_NAME].cityinfo.pl/"; "http://users.[CITY_NAME].cityaz.de/"; "http://[CITY_NAME].cityinfo.pl/firma.php"; "http://[CITY_NAME].cityinfo.pl/page_tpl.php"; "http://[CITY_NAME].cityaz.de/firma.php"; "http://[CITY_NAME].cityaz.de/page_tpl.php"; "https://users.[CITY_NAME].pl/"; "https://users.[CITY_NAME].de/"; "https://[CITY_NAME].cityinfo.pl/"; "https://[CITY_NAME].cityaz.de/". CITY_NAME - name of the city in Poland or Germany. Probably there are more flaws, which were not discovered during research. Examples: ========= http://users.krakinfo.pl/index.php?msg=<script>alert(document.cookie);</script> http://www.krakinfo.pl/firma.php?id=-1%20union%20select%20*%20from%20uzytkownicy References: =========== www.cityinfo.pl stats.inetmedia.pl/cityinfo.php www.cityaz.de stats.inetmedia.pl/cityaz.php www.inetmedia.pl Credits: ======== Vulnerabilities were found by: Łukasz Juszczyk a.k.a kahir, Filip Palian a.k.a s_n. Feedback: ========= <lukasz.juszczyk at pjwstk.edu.pl> <filip.palian at pjwstk.edu.pl> Additional information: ======================= Vulnerability reported to Inetmedia on 25-06-06 at 14:30. Acknowledgment: =============== [DFT]
Powered by blists - more mailing lists