Vulners
Lucene search
TGS CMS 0.x SQL Injection / XSS / Disclosure
`#################################################################
#################################################################
# _______ _ __ __ _ _ ______ #
# |__ __| (_) | \/ (_) | |___ / #
# | | _____ ___ ___| \ / |_ _ __ __| | / / #
# | |/ _ \ \/ / |/ __| |\/| | | '_ \ / _` | / / #
# | | (_) > <| | (__| | | | | | | | (_| |/ /__ #
# |_|\___/_/\_\_|\___|_| |_|_|_| |_|\__,_/_____| #
# #
# +-+-+-+-+ #
# |C|r|e|w| #
# +-+-+-+-+ #
#################################################################
#################################################################
# [#] TGS CMS (Cross Site Scripting,SQL injection,Blind SQL/XPath injection,Source code disclosure,) Multiple Vulnerabilities #
# [#] Discovered By []ViZiOn #
# [#] http://ToxicMindZ.org #
# [#] Greetz: Str0ke & ToxicMindZ Members #
#################################################################
#
# [1]-Cross Site Scripting
#
# Vulnerability Description:
# Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code #injection by malicious web users into the web pages viewed by other users.
#
# Affected items:
# http://127.0.0.1/cms/login.php?previous_page=[XSS]
#
# Exemple: <script>alert(document.cookie)</script>
#
# The Risk:
# By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.
#
# Fix the vulnerability:
# * Encode output based on input parameters.
# * Filter input parameters for special characters.
# * Filter output based on input parameters for special characters...
#
#################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
# SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
# http://127.0.0.1/cms/index.php?tgs_language_id=[SQL Injection]
# http://127.0.0.1/cms/index.php?tpl_dir=[SQL Injection]
# http://127.0.0.1/cms/index.php?referer=[SQL Injection]
# http://127.0.0.1/cms/index.php?user-agent=[SQL Injection]
# http://127.0.0.1/cms/index.php?site=[SQL Injection]
# http://127.0.0.1/cms/index.php?option=[SQL Injection]
# http://127.0.0.1/cms/index.php?db_optimization=[SQL Injection]
# http://127.0.0.1/cms/index.php?owner=[SQL Injection]
# http://127.0.0.1/cms/index.php?admin_email=[SQL Injection]
# http://127.0.0.1/cms/index.php?default_language=[SQL Injection]
# http://127.0.0.1/cms/index.php?db_host=[SQL Injection]
#
# Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]
#
# The Risk:
# By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database.
#
# Fix the vulnerability:
# To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be #used (preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#
# [3]-Blind SQL/XPath injection
#
# Vulnerability Description:
# Blind SQL is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL #injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous #characters.
#
# Affected items:
# http://127.0.0.1/cms/frontpage_ception.php?cmd=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?s_dir=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?minutes=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?s_mask=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?test3_mp=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?test15_file1=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?submit=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?brute_method=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?ftp_server_port=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?userfile14=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?subj=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?mysql_l=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?action=[Blind SQL]
# http://127.0.0.1/cms/frontpage_ception.php?userfile1=[Blind SQL]
#
# Exemple: [Use The Brain xD]
#
# The Risk:
# An unauthenticated attacker may execute arbitrary SQL/XPath statements on the vulnerable system. This may compromise the integrity of your #database and/or expose sensitive information.
#
# Fix the vulnerability:
# *Your script should filter metacharacters from user input.
# *Check detailed information for more information about fixing this vulnerability.
#
#################################################################
#
# [4]-Source code disclosure
#
# Vulnerability Description:
# Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags #are found in the file. In some cases this may generate false positives.
#
# Affected items:
# http://127.0.0.1/cms/index.php (site=admin)
# http://127.0.0.1/cms/admin.php
#
# Exemple:
#
#<?php
#/**
# * index.php
# *
# * Notice: This file is generated by TGS Template Engine Wizard 1.1
# *
# * Copyright 2007 -2008 TGS Open Source Web Content Management CMS (Christoph Krieg <[email protected]>)
# *
# * This program is free software: you can redistribute it and/or modify
# * it under the terms of the GNU General Public License as published by
# * the Free Software Foundation, either version 3 of the License, or
# * (at your option) any later version.
# *
# * This program is distributed in the hope that it will be useful,
# * but WITHOUT ANY WARRANTY; without even the implied warranty of
# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# * GNU General Public License for more details.
# *
# * You should have received a copy of the GNU General Public License
# * along with this program. If not, see <http://www.gnu.org/licenses/>.
# *
# * @link http://www.tgs-cms.org/
# * @author Christoph Krieg <[email protected]>
# * @package template.index
# */
# require_once( "lib/template.class.php" ) ;
# $tgs_template = new tgs_template();
# $tgs_template->template_dir = "template/";
# $tgs_template->config_dir = "cms/includes/inc_global.php";
# $tgs_template->cms_dir = "cms/";
# $tgs_template->left_delimiter = "{*";
# $tgs_template->right_delimiter = "*}";
# $tgs_template->debug_mode = false;
# $tgs_template->cache_mode = false;
# $tgs_template->cache_option = "disabled";
# $tgs_template->cache_time = "0";
# $tgs_template->offline_mode = false;
# $tgs_template->tgs_template_compile();
#?>
#
# The Risk:
# An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This #information can be used to conduct further attacks.
#
# Fix the vulnerability:
# Remove this file from your website or change permissions in order to remove access
#
#################################################################
#################################################################
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Aug 2009 00:00Current
0.4Low risk
Vulners AI Score0.4