Tons of SQL-injections and XSS in Eichhorn Portal and vendor page


Date: Sun, 20 Aug 2006 13:10:02 +0200
From: "MC Iglo" <mc.iglo@googlemail.com.>
To: [email protected]
Subject: Tons of SQL-injections and XSS in Eichhorn Portal and vendor page
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Virus-Scanned: antivirus-gw at tyumen.ru

Hi list.

There are lots of SQL injections and XSS in the 'Eichhorn Portal' by
'Guder und Koch Netzwerktechnik' and their own website.

Input passed to multiple parameters in different PHP-files isn't
properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of an affected site, or to conduct
SQL injection.


Because there are so many bugs, I will just give some examples of not
properly checked parameters and form fields:

Eichhorn Portal
- main
parameter "profil_nr"
textfield "suchstring" in "suchForm"
parameter "sprache"

- gallerie module
parameter "GaleryKey"
parameter "Breadcrumbs"


- ggbns module
parameter "GGBNSaction"



guderundkoch.de
- index.php
attribute "topic"


The vendor is not notified, because they don't offer a mail address for
this purpose. But they should see lots of strange requests in their
log files :)

MC.Iglo
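As an added example (not part of the advisory, and not the vendor's code), a small Python triage script that scans web-server access logs for requests in which one of the parameters named above carries script tags or SQL metacharacters. The log lines are constructed, and the Common Log Format and delivery of the parameters as GET query strings are assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote_plus

# Parameters listed in the advisory (assumption: they arrive in the GET query string).
WATCHED_PARAMS = {"profil_nr", "suchstring", "sprache", "GaleryKey",
                  "Breadcrumbs", "GGBNSaction", "topic"}

# Coarse triage heuristic for script injection or SQL metacharacters.
# It is meant for log review, not as a substitute for fixing the application.
SUSPICIOUS = re.compile(r"<\s*script|javascript:|['\"]|--|/\*|\bunion\b", re.I)

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2006:13:05:01 +0200] "GET /index.php?sprache=de&profil_nr=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [20/Aug/2006:13:05:09 +0200] "GET /index.php?profil_nr=42%27 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [20/Aug/2006:13:05:15 +0200] "GET /gallerie.php?GaleryKey=%3Cscript%3E HTTP/1.1" 200 3100',
    '192.0.2.10 - - [20/Aug/2006:13:06:02 +0200] "GET /index.php?topic=news HTTP/1.1" 200 2048',
]


def find_suspicious_requests(log_lines):
    """Return (client, timestamp, parameter, decoded value) for each watched
    parameter whose value matches the heuristic. Lines that do not parse
    as Common Log Format are skipped."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, _method, path, _status = m.groups()
        # parse_qs already URL-decodes once; keep empty values so "name=" is still visible.
        query = parse_qs(urlparse(path).query, keep_blank_values=True)
        for name, values in query.items():
            if name not in WATCHED_PARAMS:
                continue
            for raw in values:
                value = unquote_plus(raw)  # second decode catches double-encoded values
                if SUSPICIOUS.search(value):
                    hits.append((client, ts, name, value))
    return hits


if __name__ == "__main__":
    for client, ts, name, value in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {client} {name}={value!r}")
```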




