Subject: WebTester 5.0.2 sql injection and XSS vulnerabilities
Date: Wed, 14 Feb 2007 17:01:19 +0200
Message-ID: <4AA826D2B7232444977AA3A2133B7C3202CDF1@dcx.moozatechil.com.>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: WebTester 5.0.2 sql injection and XSS vulnerabilities
Thread-Index: AcdQR741k4zLDrzbTwmAFuP+ckd+SgAAQqnA
From: "Moran Zavdi" <moranz@moozatech.com.>
To: <bugtraq@securityfocus.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
Application: WebTester
Web Site: http://www.webtester.us/
Versions: 5.0.20060927 and below
Platform: linux, windows, freebsd, sun
Bug: Cross Site Scripting and SQL Injection
Severity: high
Fix Available: No
-------------------------------------------------------
1) Introduction
2) Bug
3) The Code
4) Fix
5) About Vigilon
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
1) Introduction
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
WebTester is a full featured solution for online test and quiz creation,
management, and analysis. It runs on any web server that supports the
PHP language, and the intuitive interface makes sure that every
available feature is simple to implement.
=3D=3D=3D=3D=3D=3D
2) Bug
=3D=3D=3D=3D=3D=3D
Cross-Site Scripting and SQL Injection.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
3) Proof of concept.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
For SQL Injection
http://website/webtester/directions.php?testID=3D\'
almost every page with GET or POST parameters have SQL injection.
it is possible to create XSS thru several files using POST parameters.
=3D=3D=3D=3D=3D=3D
4) Fix
=3D=3D=3D=3D=3D=3D
download the latest version from the web site.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
5) About Vigilon
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Vigilon Inc. is a security software company that helps organizations,
and the security providers that serve them, reduce business risk while
lowering operational security costs. using the Continual Vigilance
platform.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
6) Disclaimer
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties with regard to this information. In no event shall the
author be liable for any damages whatsoever arising out of or in
connection with the use or spread of this information. Any use of this
information is at the user's own risk.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
7) FeedBack
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Please send suggestions, updates, and comments to:
[email protected]
http://www.vigilon.com
Credit:
Moran Zavdi.
