lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061219135241.7363.qmail@securityfocus.com>
Date: 19 Dec 2006 13:52:41 -0000
From: filip.palian@...stk.edu.pl
To: bugtraq@...urityfocus.com
Subject: Multiple XSS vulnerabiliteies in Inetmedia's information service
 - cityinfo.

Description:
============
Multiple XSS and SQL injection vulnerabilities were found in Inetmedia's web services cityinfo.pl and cityaz.de, which my be exploited by attackers to gain  confidential information and/or modify datebase.

These  flaws  are  due  to  PHP programming mistakes in:
  "http://users.[CITY_NAME].cityinfo.pl/";
  "http://users.[CITY_NAME].cityaz.de/";
  "http://[CITY_NAME].cityinfo.pl/firma.php";
  "http://[CITY_NAME].cityinfo.pl/page_tpl.php";
  "http://[CITY_NAME].cityaz.de/firma.php";
  "http://[CITY_NAME].cityaz.de/page_tpl.php";
  "https://users.[CITY_NAME].pl/";
  "https://users.[CITY_NAME].de/";
  "https://[CITY_NAME].cityinfo.pl/";
  "https://[CITY_NAME].cityaz.de/".

CITY_NAME - name of the city in Poland or Germany.

Probably there are more flaws, which were not discovered during research.

Examples:
=========
http://users.krakinfo.pl/index.php?msg=<script>alert(document.cookie);</script>
http://www.krakinfo.pl/firma.php?id=-1%20union%20select%20*%20from%20uzytkownicy

References:
===========
www.cityinfo.pl
stats.inetmedia.pl/cityinfo.php
www.cityaz.de
stats.inetmedia.pl/cityaz.php
www.inetmedia.pl

Credits:
========
Vulnerabilities were found by:
  &#321;ukasz Juszczyk a.k.a kahir,
  Filip Palian a.k.a s_n.

Feedback:
=========
<lukasz.juszczyk at pjwstk.edu.pl>
<filip.palian at pjwstk.edu.pl>

Additional information:
=======================
Vulnerability reported to Inetmedia on 25-06-06 at 14:30.

Acknowledgment:
===============
[DFT]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ