Multiple XSS and SQL Injection in RedCMS
- Multiple XSS and SQL Injection in RedCMS
- Last Update
- 2006.04.09 Exploitation code published
- CVE-2006-1568 CVE-2006-1569
- Risk Level
- Multiple Vulnerabilities
- Unpatched. No reply from developer(s)
- Vulnerable Software
- RedCMS (http://redcms.co.uk/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Multiple Vulnerabilities found in RedCMS (http://redcms.co.uk/) script.
1. Multiple Cross-Site Scripting Vulnerabilities.
Parameters email, location, website are not properly sanitized. This can be used to post arbitrary HTML or web script code.
2. Multiple SQL Injections.
Vulnerable scripts: </p><p>login.php</p><p>profile.php</p><p>register.php</p><p>...</p>
Variables $username(login.php), $password(login.php), $u(profile.php), $username(register.php), $password(register.php),... All user-defined variables are not properly sanitized before being used in SQL queries. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
1. Cross-Site Scripting Example.
Email: aaa'>[XSS]<aaa aaa=';
Location: aaa'>[XSS]<aaa aaa=';
Website: aaa'>[XSS]<aaa aaa=';
2. SQL Injection Examples.
Username: ' or 1/*
URL: http://[host]/redcms/profile.php? id=99'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,161,7,18,19,20/*
Solution for "Multiple XSS and SQL Injection in RedCMS" is not available. Check vendor's website for updates.
Order Source Code Review
Check your website or web application by source code testing of a website made by eVuln team.The work will be done by experts in website security.