XSS and PHP Code Insertion Vulnerabilities in QLnews
Summary
- Vulnerability: XSS and PHP Code Insertion Vulnerabilities in QLnews
- Discovered: 2006.03.30
- Last Update: 2006.04.09 Exploitation code published
- ID: EV0113
- CVE: CVE-2006-1575, CVE-2006-1576
- Risk Level: high
- Type: Multiple Vulnerabilities
- Status: Unpatched. No reply from developer(s)
- Vendor: n/a
- Vulnerable Software: QLnews (http://www.vscripts.pl/)
- Version: 1.2
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the QLnews (http://www.vscripts.pl/) script.
1. Cross-Site Scripting.
Vulnerable Script: news.php
The autorx and newsx parameters are not properly sanitized. This can be used to post arbitrary HTML or web script code.
2. PHP Code Insertion.
An administrator can edit variable values in the config.php file. This can be used to insert arbitrary PHP code into the config file, which is then executed by every PHP script.
System access is possible.
Condition: magic_quotes_gpc = off
PoC/Exploit
1. Cross-Site Scripting Example.
URL: http://[host]/qlnews/news.php?a=write&nr=1&opcja=1&wybor=1
Autor: [XSS]
Tresc: [XSS]
2. PHP Code Insertion Example.
URL: http://[host]/qlnews/admin.php?a=settings
Number of news on main page: 5"; [php_code] $aa="
Solution
Solution for "XSS and PHP Code Insertion Vulnerabilities in QLnews" is not available. Check vendor's website for updates.
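The two flaw classes described above, shown as an added PHP example that is not QLnews code and not a vendor fix: a settings writer that pastes a form value into config.php beside two hardened writers, plus output encoding for the news fields. All function names, the setting names (news_per_page, site_title) and the weak pattern itself are assumptions made for illustration, since the advisory does not show the application's source.

```php
<?php
// Added example: hypothetical settings writer, not QLnews source code.

// Weak pattern (assumed): raw form value pasted between double quotes, so a
// double quote in the value ends the string and the rest is parsed as PHP.
function render_setting_weak(string $name, string $value): string
{
    return '$' . $name . ' = "' . $value . "\";\n";
}

// Hardened, numeric setting: accept only an integer inside an allowed range.
function render_setting_int(string $name, string $value, int $min, int $max): string
{
    $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
    $n = filter_var($value, FILTER_VALIDATE_INT, $opts);
    if ($n === false) {
        throw new InvalidArgumentException("$name must be an integer from $min to $max");
    }
    return '$' . $name . ' = ' . $n . ";\n";
}

// Hardened, string setting: var_export() emits a single-quoted PHP literal
// with backslashes and single quotes escaped, so the value cannot leave it.
function render_setting_string(string $name, string $value): string
{
    return '$' . $name . ' = ' . var_export($value, true) . ";\n";
}

// Output encoding for user-supplied fields such as autorx and newsx.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed input shaped like the advisory's example, with an inert comment
// standing in for [php_code]. $name is always a hard-coded identifier here.
$submitted = '5"; /* php_code */ $aa="';

echo "weak:   ", render_setting_weak('news_per_page', $submitted);
try {
    echo "int:    ", render_setting_int('news_per_page', $submitted, 1, 100);
} catch (InvalidArgumentException $e) {
    echo "int:    rejected (", $e->getMessage(), ")\n";
}
echo "string: ", render_setting_string('site_title', $submitted);
echo "html:   ", h('<i>constructed</i> "author" value'), "\n";
```

Neither hardened writer depends on magic_quotes_gpc, which was removed in PHP 5.4; the value is validated or escaped at the point where it is written into the file.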