High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Entrans which could be exploited to perform cross-site scripting and SQL injection attacks.
Cross-site scripting (XSS) vulnerability in Entrans: CVE-2010-4932
The vulnerability exists due to an input sanitization error in the "query" parameter in search.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
http://host/search.php?submit_query=yes&query=1"><script>alert(document.cookie)</script>&titlesearch=Search
SQL injection vulnerabilities in Entrans
The vulnerability exists due to input sanitization errors in the "parent_id" and "root" parameters in main.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database, but requires that "magic_quotes_gpc" is off.
Exploitation examples:
http://host/main.php?parent_id=-1'+union+select+user()+--+
http://host/main.php?root=-1'+union+select+user()+--+
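Both request shapes in this advisory leave a clear trace in ordinary web-server access logs, which is where a defender can look for attempts before a patched Entrans is deployed. The script below is an added example, not code from High-Tech Bridge or from the Entrans project: it parses Combined Log Format lines (the sample lines are constructed for this example and mirror the advisory's URLs), decodes each query string, and flags the "query" parameter of search.php when it carries script markup and the "parent_id" and "root" parameters of main.php when they carry anything other than an integer. That those two parameters are numeric ids is an assumption drawn from the advisory's own examples, not something Entrans documents.

```python
"""
Added example (not part of the High-Tech Bridge advisory or of Entrans):
flag access-log requests shaped like the advisory's XSS and SQL injection
issues. Log lines are constructed for the example.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log in Combined Log Format. Lines 2 to 4 mirror the
# advisory's request shapes; lines 1 and 5 are ordinary requests as controls.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2011:10:00:01 +0000] "GET /search.php?submit_query=yes&query=entrans&titlesearch=Search HTTP/1.1" 200 512
10.0.0.7 - - [12/Jan/2011:10:00:02 +0000] "GET /search.php?submit_query=yes&query=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&titlesearch=Search HTTP/1.1" 200 512
10.0.0.9 - - [12/Jan/2011:10:00:03 +0000] "GET /main.php?parent_id=-1'+union+select+user()+--+ HTTP/1.1" 200 1024
10.0.0.9 - - [12/Jan/2011:10:00:04 +0000] "GET /main.php?root=-1'+union+select+user()+--+ HTTP/1.1" 200 1024
10.0.0.3 - - [12/Jan/2011:10:00:05 +0000] "GET /main.php?parent_id=42 HTTP/1.1" 200 1024
"""

# Minimal Combined Log Format parser: client, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d+)'
)

# Script and parameter names taken from the advisory, with the issue class
# the advisory assigns to each.
WATCHED = {
    "/search.php": {"query": "xss"},
    "/main.php": {"parent_id": "sqli", "root": "sqli"},
}

# Markup that has no business in a free-text search term.
XSS_MARKERS = re.compile(r"<\s*/?\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Assumption: parent_id and root are integer ids (the advisory's examples use -1),
# so any non-integer value is anomalous regardless of the exact SQL used.
INTEGER_RE = re.compile(r"-?\d+")


def check_request(target):
    """Return (param, kind, decoded_value) findings for one request target."""
    parts = urlsplit(target)
    watched = WATCHED.get(parts.path)
    if not watched:
        return []
    # parse_qs percent-decodes and turns '+' into spaces, so the check sees
    # the value the PHP script would have received.
    params = parse_qs(parts.query)
    findings = []
    for name, kind in watched.items():
        for value in params.get(name, []):
            if kind == "xss" and XSS_MARKERS.search(value):
                findings.append((name, kind, value))
            elif kind == "sqli" and not INTEGER_RE.fullmatch(value):
                findings.append((name, kind, value))
    return findings


def scan_log(text):
    """Parse each log line and collect findings with their line number and client."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        for param, kind, value in check_request(m.group("target")):
            hits.append({
                "line": lineno,
                "ip": m.group("ip"),
                "path": urlsplit(m.group("target")).path,
                "param": param,
                "kind": kind,
                "value": value,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['kind']} from {hit['ip']} "
              f"in {hit['path']} param {hit['param']!r}: {hit['value']!r}")
```

The integer check for "parent_id" and "root" is deliberately stricter than a keyword match for "union select": it catches any non-numeric value in a parameter that should only ever be a number, and it is the same rule the application itself should enforce. Note that the advisory's condition that "magic_quotes_gpc" be off always holds on PHP 5.4 and later, where that setting was removed, so the escaping it once provided cannot be relied on as a mitigation.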