Date: Tue, 14 Feb 2006 18:25:13 +0200
From: Alexander Hristov <joffer@gmail.com.>
To: [email protected]
Subject: XSS bugs and SQL injection in sNews
Official page : http://www.solucija.com/home/snews/
XSS in comments :
just post some comment with <script>alert('XSS TEST by securitydot.net');</script>
FIX : put this on line 423
$r = str_replace ("<","&lt;",$r);
$r = str_replace (">","&gt;",$r);
Injection through categories : index.php?category=1%20or%201=2
FIX : put this on line 313
if (ereg('^[0-9]*$' , $category))
Injection through id : index.php?id=0%20or%201=2
FIX : put this on line 175
if (ereg('^[0-9]*$' , $id)) {
--
Securitydot.net
joffer and DrFrancky
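
The two fixes above written for current PHP, as an added example that is not part of the original advisory and not sNews code. The function names, the articles table and the in-memory SQLite database are assumptions made for the illustration; the inputs are constructed, two of them taken from the URLs quoted above.

```php
<?php
// Added example, not sNews code. Function, table and column names are hypothetical.

// Encode a comment for HTML output. Unlike replacing only "<" and ">",
// this also encodes "&" and both quote characters, so the text stays inert
// inside attribute values as well as element content.
function encode_comment(string $r): string
{
    return htmlspecialchars($r, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only a non-empty run of ASCII digits. ereg() was removed in PHP 7,
// and '^[0-9]*$' also matches the empty string. {1,9} requires at least one
// digit and keeps the value inside a 32-bit int; the D modifier stops "$"
// from matching before a trailing newline.
function parse_numeric_param($value): ?int
{
    if (!is_string($value) || !preg_match('/^[0-9]{1,9}$/D', $value)) {
        return null;
    }
    return (int) $value;
}

// Constructed data: in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'First post')");

// Constructed inputs, including the two parameter values from the advisory (URL-decoded).
$inputs = ['1', '0 or 1=2', '1 or 1=2', '', "1\n"];
$stmt = $db->prepare('SELECT title FROM articles WHERE id = :id');
foreach ($inputs as $raw) {
    $id = parse_numeric_param($raw);
    if ($id === null) {
        echo 'rejected: ', json_encode($raw), "\n";
        continue;
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt->execute([':id' => $id]);
    echo 'id ', $id, ' => ', json_encode($stmt->fetchColumn()), "\n";
}

// The comment from the advisory comes out as inert text.
echo encode_comment("<script>alert('XSS TEST')</script>"), "\n";
```

Only the input '1' reaches the query; the other four are rejected before any SQL runs, and the bound parameter keeps the query safe even if the validation is later loosened.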