newangels-10.txt

2006-07-12T00:00:00
ID PACKETSTORM:48173
Type packetstorm
Reporter LBDT
Modified 2006-07-12T00:00:00

Description

`[newangels-team.eu #10] DGNews - Cross Site Scripting Vulnerability  
====================================================================  
  
Vendor site => http://www.diangemilang.com  
  
Date:  
Jun 18 2006  
  
Risk = MEDIUM  
  
Version:  
1.5.1  
  
Credit:  
=======  
NewAngels Team - Discovered By LBDT - newangels-team.eu  
  
Description:  
DGNews is a simple news publishing script. Features: add unlimited categories,  
automatic thumbnailing of news images, and many others. The script needs MySQL  
and phpMyAdmin to dump the database. Open config.php in the admin folder and  
change any fields. That's all.  
  
Affected file:  
search.php  
  
An attacker can execute HTML code because characters like "<" and ">" in  
$sowhat aren't filtered in the SQL query:  
  
$pilih=mysql_query("select * from news_main where title like '%".$sowhat."%'  
or full like '%".$sowhat."%'");  
  
Example:  
http://www.site.com/dgnews/search.php?sowhat=[XSS]  
  
Google search -> "Powered: DGNews"  
  
`
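
Added example, not part of the original advisory and not DGNews code: a hardened form of the search step that binds the term as a query parameter and HTML-encodes every value on output. Assumptions: search.php prints the search term and the matching rows (the advisory shows only the query), in-memory SQLite via PDO stands in for MySQL, and the names h() and search_news() are hypothetical.

```php
<?php
// Added example, not DGNews code. In-memory SQLite stands in for MySQL so the
// script runs offline; the rows are constructed. Table and column names are
// taken from the advisory's query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news_main (title TEXT, `full` TEXT)');
$db->exec("INSERT INTO news_main VALUES ('Site launch', 'We are <b>live</b>')");
$db->exec("INSERT INTO news_main VALUES ('Maintenance', '50% of pages offline')");

// Encode a value for an HTML text node or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical replacement for the search step (assumption: search.php prints
// the term and the matching rows; the advisory does not show that part).
function search_news(PDO $db, string $sowhat): string
{
    // Escape LIKE wildcards so "%" and "_" in the term match literally.
    $term = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $sowhat);
    // Bound parameters: the term never becomes part of the SQL text.
    $stmt = $db->prepare(
        "SELECT title, `full` FROM news_main
         WHERE title LIKE :t ESCAPE '!' OR `full` LIKE :f ESCAPE '!'"
    );
    $stmt->execute([':t' => "%$term%", ':f' => "%$term%"]);

    // Encode every value at the point where it enters the HTML.
    $html = '<p>Results for "' . h($sowhat) . '":</p><ul>';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= '<li>' . h($row['title']) . ': ' . h($row['full']) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed inputs: a plain term, markup characters, a LIKE wildcard.
foreach (['launch', '<i>x</i>"', '50%'] as $term) {
    echo search_news($db, $term), "\n";
}
```

Stored rows are encoded as well as the search term, so markup already saved in a news item is rendered as text rather than interpreted.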