multiple XSS and SQL Injection in Shoutbox

Summary

Vulnerability
multiple XSS and SQL Injection in Shoutbox
Discovered
2006.02.01
Last Update
2006.02.11 Exploitation code published
ID
EV0055
CVE
CVE-2006-0605 CVE-2006-0606
Risk Level
medium
Type
Multiple Vulnerabilities
Status
Unpatched
Vendor
n/a
Vulnerable Software
Shoutbox (http://www.unknowndomain.co.uk/)
Version
2005.07.21
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple Vulnerabilities found in Shoutbox (http://www.unknowndomain.co.uk/) script.

Most of user defined data isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code (authorization or viewing blog and forum) or insert any javascript code (when posting new messages).

Condition for SQL Injections: magic_quotes_gpc - off

PoC/Exploit

XSS Example:

Link: http://host/shoutbox/index.php
Handle: <XSS>
Message: <XSS>

SQL Injection Example:

http://host/shoutbox/index.php?do=edit&id=99'%20union%20select%201,2,3,4,5/*

Solution.

Solution for "multiple XSS and SQL Injection in Shoutbox" is not available. Check vendor's website for updates.