
noahSQLXSS.txt

Date: 22 Sep 2005 | Reported by: trueend5 | Type: packetstorm | Source: packetstormsecurity.com

Software: phpoutsourcing Noah's classifieds, SQL injection & XSS vulnerability, Remote exploitatio

Code
`Software: phpoutsourcing Noah's classifieds  
Vendor: http://classifieds.phpoutsourcing.com/  
Version: all versions  
Bug: SQL injection & XSS   
Exploitation: Remote with browser  
-------------------------------------------------------------------------------------  
Introduction:  
Noah's Classifieds is a general purpose application  
that allows you to set up as many ad categories as you  
want specifying custom fields for each of them.  
  
Vulnerability:  
  
Several scripts do not properly validate user-supplied  
input. A remote user can create specially crafted  
parameter values that will execute SQL commands on the  
underlying database. A remote user can also create a  
specially crafted URL that, when loaded by a target  
user, will cause arbitrary scripting code to be  
executed by the target user's browser. As a result,  
the code will be able to access the target user's  
cookies.   
In these cases, the rollid parameter is vulnerable.  
-----------------------------  
SQL Injection:  
Demonstration exploit URL  
http://localhost/classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4'  
The vulnerability is easy to exploit; for example, the  
"Search" & "forgotten password" pages might be used to  
exploit it with a simple ' (%27)  
-All versions are vulnerable-  
-------------------------------  
XSS:  
Demonstration exploit URL  
http://localhost/classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4'<script>alert(document.cookie)</script>  
The username and hashed password are set by cookie, so customer  
cookies may be compromised. The attacker may be able  
to pose as a legitimate user to view and alter user  
records, and perform transactions as that user.  
-Just tested on classified 1.3 (the last release)-  
-------------------------------  
Solution:   
There is no vendor-supplied patch at this time.  
-------------------------------  
Credits:  
Discovered & released by trueend5  
[ Security Researchers Institute Of Iran <KAPDA.ir> in  
association with iraNNetjob.com]  
  
Original advisory: http://www.irannetjob.com/index.php?option=com_content&task=view&id=122&Itemid=28  
  
`
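
Since the advisory lists no vendor patch, one detection-side check is to review web server access logs for `rollid` values that are not plain integers. The following is an added example, not part of the original advisory or the vendor's code; it assumes `rollid` is meant to be a numeric record id (as in `rollid=4`) and an Apache-style access log, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Apache-style); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Sep/2005:10:00:01 +0000] "GET /classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4 HTTP/1.1" 200 5120
192.0.2.11 - - [22/Sep/2005:10:00:07 +0000] "GET /classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4%27 HTTP/1.1" 200 812
192.0.2.12 - - [22/Sep/2005:10:00:09 +0000] "GET /classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4'%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 830
192.0.2.13 - - [22/Sep/2005:10:00:15 +0000] "GET /classifieds/index.php?methode=showdetails&rollid= HTTP/1.1" 200 400
"""

# Assumption: rollid is a numeric record id, as in the advisory's rollid=4.
NUMERIC_RE = re.compile(r"[0-9]{1,10}")
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"'
)


def tags(value):
    """Label why a decoded, non-numeric rollid value is suspicious."""
    found = []
    if "'" in value or '"' in value:
        found.append("quote")    # string delimiter, typical SQL injection probe
    if "<" in value or ">" in value:
        found.append("markup")   # HTML/script markup, typical reflected XSS probe
    return found or ["non-numeric"]


def scan(log_text):
    """Return (line_no, client, decoded_rollid, tags) for each bad rollid."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we can parse
        client, target = match.groups()
        # parse_qsl percent-decodes values, so %27 and a raw ' look the same.
        query = urlsplit(target).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "rollid" and not NUMERIC_RE.fullmatch(value):
                findings.append((lineno, client, value, tags(value)))
    return findings


if __name__ == "__main__":
    for lineno, client, value, why in scan(SAMPLE_LOG):
        print(f"line {lineno} {client} rollid={value!r} {','.join(why)}")
```

Only query-string parameters appear in access logs, so values submitted in POST bodies (for example from the search or forgotten-password forms) are not covered by this check.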
