Multiple Vulnerabilities in PHP Surveyor

2005-07-21T00:00:00
ID SECURITYVULNS:DOC:9246
Type securityvulns
Reporter Securityvulns
Modified 2005-07-21T00:00:00

Description


Multiple Vulnerabilities in PHP Surveyor version 0.98 stable

Summary:

PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures.

Details:

root directory

question.php, survey.php, group.php - all give path disclosure

admin directory

browse.php - sid, start, and id parametereters all vulnerable to injection and xss, no

parametereter gives sql error.

dataentry.php - sid sql injection and xss

export.php - sid sql injection and xss, no parametereter gives sql error.

database.php - straight to page gives path disclosure.

dumpquestion.php - qid=' gives multiple path disclosures.

admin.php - sid parameter sql injection

labels.php - lid parameter sql injection and path disclosure

dumplabel.php - lid parameter sql injection and path disclosure

sessioncontrol.php - straight to page gives path disclosure

html.php - straight to page gives path disclosure

conditions.php - no parameter sql error, sql injection on sid parameter

spss.php - no parameter sql error, sql inject on sid parameter

deletesurvey.php - sql inject with sid when ok=Y

dumpsurvey.php - sid sql injection

statistics.php - sid sql injection


Solution:

Cleanse all user input before processing to stop injections, check to make sure parameters are present before processing to stop sql errors and path disclosure.

Credit:

tgo thegreatone2176@yahoo.com

Greets:

smooth_operator and zith