High-Tech Bridge, HTB22606
Sep 13, 2010

Multiple Vulnerabilities in Entrans

www.htbridge.com

EPSS: 0.002 (percentile 53.0%)

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Entrans which could be exploited to perform cross-site scripting and SQL injection attacks.

  1. Cross-site scripting (XSS) vulnerability in Entrans: CVE-2010-4932
    The vulnerability exists due to an input sanitization error in the "query" parameter in search.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
    Exploitation example:
    http://host/search.php?submit_query=yes&query=1"><script>alert(document.cookie)</script>&titlesearch=Search

  2. SQL injection vulnerabilities in Entrans
    The vulnerabilities exist due to input sanitization errors in the "parent_id" and "root" parameters in main.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database, but requires that "magic_quotes_gpc" is off.
    Exploitation examples:
    http://host/main.php?parent_id=-1'+union+select+user()+--+
    http://host/main.php?root=-1'+union+select+user()+--+
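
A log check for the requests described in this advisory, added here as an example and not taken from High-Tech Bridge or Entrans: it flags search.php requests whose "query" value contains HTML metacharacters and main.php requests whose "parent_id" or "root" value is not an integer. That these two parameters are integer ids, the Apache combined log format, and the sample lines themselves are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters named in the advisory.
INT_PARAMS = {"/main.php": ("parent_id", "root")}  # assumption: integer ids
TEXT_PARAMS = {"/search.php": ("query",)}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"-?\d+")
MARKUP_RE = re.compile(r'[<>"]')

def check_request(target):
    """Return (param, reason) findings for one request target (path?query)."""
    parts = urlsplit(target)
    # Match on the script name so installs in a subdirectory are covered.
    script = "/" + parts.path.rsplit("/", 1)[-1]
    params = parse_qs(parts.query, keep_blank_values=True)  # URL-decodes values
    findings = []
    for name in INT_PARAMS.get(script, ()):
        for value in params.get(name, []):
            if not INT_RE.fullmatch(value.strip()):
                findings.append((name, "non-integer value"))
    for name in TEXT_PARAMS.get(script, ()):
        for value in params.get(name, []):
            if MARKUP_RE.search(value):
                findings.append((name, "HTML metacharacters"))
    return findings

def scan_log(lines):
    """Yield (line_number, param, reason) for each flagged request."""
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for name, reason in check_request(match.group(1)):
                yield lineno, name, reason

SAMPLE_LOG = [  # constructed lines, Apache combined format (truncated fields)
    '192.0.2.10 - - [13/Sep/2010:10:00:01 +0000] "GET /main.php?parent_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Sep/2010:10:00:07 +0000] "GET /main.php?parent_id=-1%27+union+select+user()+--+ HTTP/1.1" 200 5301',
    '192.0.2.44 - - [13/Sep/2010:10:00:09 +0000] "GET /search.php?submit_query=yes&query=1%22%3E%3Cscript%3E HTTP/1.1" 200 2210',
    '192.0.2.10 - - [13/Sep/2010:10:00:15 +0000] "GET /search.php?submit_query=yes&query=invoice HTTP/1.1" 200 1987',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same integer and metacharacter checks describe what server-side validation and output encoding should enforce for these parameters; the log scan only shows where such requests have already arrived.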
