From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 31 Mar 2005 10:27:53 +0200
Subject: [UNIX] E-Xoops Easy SQL Injection and Cross Site Scripting
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20050331090257.44F6957EC@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
X-Spam-Status: No, hits=2.066 tagged_above=2 required=5 tests=AWL, INFO_TLD,
MSGID_FROM_MTA_ID
X-Spam-Level: **
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
E-Xoops Easy SQL Injection and Cross Site Scripting
------------------------------------------------------------------------
SUMMARY
" <www.exoops.info> XOOPS is an extensible, OO (Object Oriented), easy to
use dynamic web content management system written in PHP. XOOPS is the
ideal tool for developing small to large dynamic community websites, intra
company portals, corporate portals, weblogs and much more."
SQL Injection and Cross Site Scripting vulnerabilities have been found in
E-Xoops Easy Community Management System Forum System. These
vulnerabilities can be exploited by potential attackers to compromise
system's database integrity and/or execute malicious code in context of
Internet browser of users visiting the site.
DETAILS
Vulnerable Systems:
* Community Management System Forum (E-XOOPS)
Cross Site Scripting:
Flaws in user input validation make viewforum.php vulnerable to Cross Site
Scripting attacks:
Examples:
http://localhost/modules/newbb/viewforum.php?sortname=p.post_time&
sortorder=ASC
&sortdays=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&forum=25&refresh=Vai
http://localhost/modules/newbb/index.php?viewcat=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
SQL Injection:
Lack of filtering of user provided input allows SQL Injection:
Examples:
http://localhost/modules/newbb/index.php?viewcat='SQL_INJECTION
http://localhost/modules/sections/index.php?op=viewarticle
&artid=9%2c+9%2c+9
ADDITIONAL INFORMATION
The information has been provided by <mailto:dcrab@hackerscenter.com.>
Dcrab.
The original article can be found at:
<http://icis.digitalparadox.org/~dcrab>;
http://icis.digitalparadox.org/~dcrab
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
