SQL Injection and XSS Vulnerabilities in indexcity

Summary

Vulnerability: SQL Injection and XSS Vulnerabilities in indexcity
Discovered: 2006.08.21
Last Update: 2006.08.31 Exploitation code published
ID: EV0135
CVE: CVE-2006-4323 CVE-2006-4324
Risk Level: medium
Type: Multiple Vulnerabilities
Status: Unpatched. No reply from developer(s)
Vendor: CityForFree (http://www.cityforfree.com/)
Vulnerable Software: indexcity (http://www.cityforfree.com/free_script.htm)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple vulnerabilities were found in the indexcity (http://www.cityforfree.com/free_script.htm) script.

1. SQL Injection.

Vulnerable script: list.php

The cate_id parameter is not properly sanitized before being used in an SQL query. This allows arbitrary SQL code to be injected into the query.

Condition: magic_quotes_gpc = off


2. Cross-Site Scripting.

Vulnerable Script: add_url2.php

The url parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code.

PoC/Exploit

1. SQL Injection Example.

URL: http://host/indexcity/list.php?cate_id=999'%20union%20select%201,2,3,4,5,6,7/*


2. Cross-Site Scripting Example.

URL: http://host/indexcity/add_url.php
Website: aaa.com' onmouseover='alert(123)'>


Solution.

A solution for "SQL Injection and XSS Vulnerabilities in indexcity" is not available. Check the CityForFree website for updates.
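
Until a vendor fix exists, both flaws described above can be closed at the input and output boundaries. The following is an added example, not code from indexcity or from this advisory: the links table, its columns and the function names are assumptions, and an in-memory SQLite database stands in for the script's real database.

```php
<?php
// Added example: the schema and helper names are hypothetical, not indexcity's own.
// Hardening does not depend on magic_quotes_gpc, which later PHP versions removed.

// list.php side: accept cate_id only as a positive integer, then bind it.
function list_by_category(PDO $db, $rawCateId): array {
    $cateId = filter_var($rawCateId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cateId === false) {
        return [];                       // reject instead of passing it to SQL
    }
    $stmt = $db->prepare('SELECT id, url FROM links WHERE cate_id = :cate_id');
    $stmt->bindValue(':cate_id', $cateId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// add_url2.php side: store only well-formed http(s) URLs.
function clean_url(string $raw): ?string {
    $url = filter_var(trim($raw), FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Output side: URL validation alone is not enough, so encode on every render.
// ENT_QUOTES also encodes single quotes, which the default flags before PHP 8.1 did not.
function render_link(string $url): string {
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<a href='{$safe}'>{$safe}</a>";
}

// Constructed demo data and the inputs from the advisory's PoC section.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, cate_id INTEGER, url TEXT)');
$db->exec("INSERT INTO links (cate_id, url) VALUES (1, 'http://example.com/')");

var_dump(count(list_by_category($db, '1')));
var_dump(count(list_by_category($db, "999' union select 1,2,3,4,5,6,7/*")));
var_dump(clean_url("aaa.com' onmouseover='alert(123)'>"));
echo render_link("http://aaa.com/' onmouseover='alert(123)'>"), "\n";
```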
