Multiple XSS and SQL Injection in Links Manager
Summary
- Vulnerability: Multiple XSS and SQL Injection in Links Manager
- Discovered: 2006.08.21
- Last Update: 2006.08.31 Exploitation code published
- ID: EV0136
- CVE: CVE-2006-4327 CVE-2006-4328
- Risk Level: medium
- Type: Multiple Vulnerabilities
- Status: Unpatched. No reply from developer(s)
- Vendor: CloudNine Interactive (http://www.cloudnineinteractive.co.uk/)
- Vulnerable Software: Links Manager (http://www.cloudnineinteractive.co.uk/stuffforyou.htm)
- Version: 2006-06-12
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the Links Manager (http://www.cloudnineinteractive.co.uk/stuffforyou.htm) script.
1. SQL Injection.
Vulnerable script: admin.php
The nick parameter is not properly sanitized before being used in an SQL query. This can be used to bypass authentication or execute any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
2. Cross-Site Scripting.
Vulnerable Script: add_url.php
The title, description and keywords parameters are not properly sanitized. This can be used to post arbitrary HTML or web script code, which is executed when the administrator visits the control panel for link approval.
PoC/Exploit
1. SQL Injection Example.
URL: http://host/admin.php
username: aaa' union select 123/*
password: 123
2. Cross-Site Scripting Example.
URL: http://host/add_url.php?c=1
Title: [XSS]
Description: [XSS]
Keywords: [XSS]
Solution.
A solution for "Multiple XSS and SQL Injection in Links Manager" is not available. Check the CloudNine Interactive website for updates.
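How the two code paths described above can be hardened, as an added example that is not Links Manager's own code and not a vendor fix: the login lookup binds nick as a parameter, and the approval panel encodes title, description and keywords on output. The table, column and function names and the in-memory SQLite database are assumptions made so the script runs stand-alone (PHP 7.4+ with pdo_sqlite).

```php
<?php
// Added example, not Links Manager code. Table, column and function names and
// the in-memory SQLite database are assumptions so the script runs offline.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (nick TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE links (title TEXT, description TEXT, keywords TEXT)');
$db->prepare('INSERT INTO admins VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// admin.php path: nick is bound as data, so quotes and UNION stay literal text.
// The outcome does not depend on magic_quotes_gpc.
function check_login(PDO $db, string $nick, string $pass): bool
{
    $st = $db->prepare('SELECT pass_hash FROM admins WHERE nick = ?');
    $st->execute([$nick]);
    $hash = $st->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// add_url.php path: store the submitted text unchanged, with bound parameters.
function add_link(PDO $db, string $title, string $desc, string $kw): void
{
    $db->prepare('INSERT INTO links VALUES (?, ?, ?)')->execute([$title, $desc, $kw]);
}

// Admin approval panel: HTML-encode every stored field at output time.
function render_pending(PDO $db): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $out = '';
    foreach ($db->query('SELECT title, description, keywords FROM links') as $r) {
        $out .= '<tr><td>' . $e($r['title']) . '</td><td>' . $e($r['description'])
              . '</td><td>' . $e($r['keywords']) . "</td></tr>\n";
    }
    return $out;
}

// Inputs: the advisory's login string, then constructed sample values.
var_dump(check_login($db, "aaa' union select 123/*", '123'));
var_dump(check_login($db, 'admin', 'constructed-sample-pw'));
add_link($db, '<i>constructed title</i>', 'constructed description', 'kw1, kw2');
echo render_pending($db);
```

Storing only a password hash also means a row returned by the query cannot be matched by supplying the same literal value as the password.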