From: "Omid" <omid@hackers.ir.>
To: <bugtraq@securityfocus.com.>
Subject: Sql injection in RunCMS
Date: Thu, 07 Sep 2006 09:39:41 +0430
User-Agent: Hackers.ir/1.0
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
Importance: Normal
X-Priority: 3 (Normal)
X-Mailer: Hackers.ir/1.0
X-Virus-Scanned: antivirus-gw at tyumen.ru
Hi,
There are several sql injections in RunCMS 1.4.1 (and maybe before versions) :
The "uid" parameter in /class/sessions.class.php, is not checked correctly,
which can cause 2 sql injections .
Also, "timezone_offset" and "umode" parameters in /class/xoopsuser.php,
can make sql injections in 2 queries .
Fixpacks can be downloaded from RunCms official website :
http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5
The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/runcms.html
- Omid
