BBCode img XSS and SQL-inj in discussion-xhawk.net

Summary

Vulnerability
BBCode img XSS and SQL-inj in discussion-xhawk.net
Discovered
2006.03.04
Last Update
2006.03.14 Exploitation code published
ID
EV0092
CVE
CVE-2006-1264 CVE-2006-1265
Risk Level
medium
Type
Multiple Vulnerabilities
Status
Unpatched. No reply from developer(s)
Vendor
xhawk.net (http://xhawk.net)
Vulnerable Software
discussion (http://xhawk.net/projects/discussion/)
Version
2.0 beta2
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple Vulnerabilities found in discussion (http://xhawk.net/projects/discussion/) script.

1. 'img' BBCode Cross-Site Scripting Vulnerability

BBCode tag [img] isn't properly sanitized. This can be used to insert arbitrary JavaScript code. This code will be executed by visitor's browser in context of the affected site.


2. SQL Injection Vulnerability.

Vulnerable script: discussion.class..php

Variable $view isn't properly sanitized before being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.


PoC/Exploit

1. BBCode Cross-Site Scripting Example:

[img]javascript:alert(123)[/img]


2. SQL Injection Example:

http://[host]/test.php?view=9999%20or%201/*

Solution.

Solution for " BBCode img XSS and SQL-inj in discussion-xhawk.net" is not available. Check xhawk.net website for updates.