Multiple XSS and SQL Injection in aWebNews
Summary
- Vulnerability: Multiple XSS and SQL Injection in aWebNews
- Discovered: 2006.04.01
- Last Update: 2006.04.11 Exploitation code published
- ID: EV0116
- CVE: CVE-2006-1612, CVE-2006-1613
- Risk Level: medium
- Type: Multiple Vulnerabilities
- Status: Unpatched. Vendor notified.
- Vendor: n/a
- Vulnerable Software: aWebNews (http://labs.aweb.com.au/awebnews.php)
- Version: 1.0
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the aWebNews (http://labs.aweb.com.au/awebnews.php) script.
1. Multiple Cross-Site Scripting Vulnerabilities.
Vulnerable Script: visview.php
The parameters yname, emailadd, subject and comment are not properly sanitized. This can be used to post arbitrary HTML or web script code.
2. Multiple SQL Injections.
Vulnerable scripts: login.php, fpass.php, visview.php
The variables $user123 (login.php), $user123 (fpass.php) and $_GET['cid'] (visview.php) are not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/Exploit
1. Cross-Site Scripting Example.
URL: http://[host]/visview.php?b=newc&cid=2916852
Your Name: [XSS]
Email / Website: aaa">[XSS]<aaa aaa="
Comment Subject: [XSS]
Comment Text: [XSS]
2. SQL Injection Example.
URL: http://[host]/visview.php?a=c&cid=2916852'%20union%20select%201,2,3,4,5,6/*
Solution.
A solution for "Multiple XSS and SQL Injection in aWebNews" is not available. Check the vendor's website for updates.
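The two bug classes described above, handled defensively in an added PHP example (not aWebNews code and not from eVuln): cid is validated as digits and passed as a bound parameter, and the comment fields are HTML-encoded on output. The table layout, function names and sample row are assumptions constructed for the demonstration; the same bound-parameter pattern applies to $user123 in login.php and fpass.php.

```php
<?php
// Added example, not aWebNews code. Table and column layout and the sample
// row are constructed; only the parameter names come from the advisory.

function parse_cid($raw): ?int
{
    // cid is a numeric id: accept digits only, reject everything else.
    if (!is_string($raw) || !preg_match('/^[0-9]{1,9}$/D', $raw)) {
        return null;
    }
    return (int) $raw;
}

function fetch_comments(PDO $db, int $cid): array
{
    // Bound parameter: the value never becomes part of the SQL text,
    // whatever magic_quotes_gpc is set to.
    $stmt = $db->prepare('SELECT yname, emailadd, subject, comment FROM comments WHERE cid = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function h(string $s): string
{
    // ENT_QUOTES encodes " and ' too, so a value cannot close an attribute.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_comment(array $c): string
{
    return '<div><h4>' . h($c['subject']) . '</h4>'
         . '<span title="' . h($c['emailadd']) . '">' . h($c['yname']) . '</span>'
         . '<p>' . nl2br(h($c['comment'])) . '</p></div>';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (cid INTEGER, yname TEXT, emailadd TEXT, subject TEXT, comment TEXT)');
$db->prepare('INSERT INTO comments VALUES (?, ?, ?, ?, ?)')
   ->execute([2916852, '<b>name</b>', 'aaa"><i>x</i><aaa aaa="', 'subj', "a\n<u>b</u>"]);

foreach (['2916852', "2916852' union select 1,2,3,4,5,6/*"] as $raw) {
    $cid = parse_cid($raw);
    $rows = $cid === null ? [] : fetch_comments($db, $cid);
    echo $cid === null ? 'rejected cid: ' . h($raw) . "\n" : '';
    foreach ($rows as $row) { echo render_comment($row), "\n"; }
}
```

Run it with the PHP CLI with the pdo_sqlite extension enabled; the first cid prints the stored row with all markup encoded, the second is rejected before any query is built.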


