BBCode img XSS and SQL-inj in discussion-xhawk.net
Summary
- Vulnerability: BBCode img XSS and SQL-inj in discussion-xhawk.net
- Discovered: 2006.03.04
- Last Update: 2006.03.14 Exploitation code published
- ID: EV0092
- CVE: CVE-2006-1264 CVE-2006-1265
- Risk Level: medium
- Type: Multiple Vulnerabilities
- Status: Unpatched. No reply from developer(s)
- Vendor: xhawk.net (http://xhawk.net)
- Vulnerable Software: discussion (http://xhawk.net/projects/discussion/)
- Version: 2.0 beta2
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the discussion (http://xhawk.net/projects/discussion/) script.
1. 'img' BBCode Cross-Site Scripting Vulnerability
The BBCode tag [img] isn't properly sanitized. This can be used to insert arbitrary JavaScript code, which will be executed by a visitor's browser in the context of the affected site.
2. SQL Injection Vulnerability
Vulnerable script: discussion.class..php
The variable $view isn't properly sanitized before being used in the SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.
PoC/Exploit
1. BBCode Cross-Site Scripting Example:
[img]javascript:alert(123)[/img]
2. SQL Injection Example:
http://[host]/test.php?view=9999%20or%201/*
Solution
A solution for "BBCode img XSS and SQL-inj in discussion-xhawk.net" is not available. Check the xhawk.net website for updates.
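In the absence of a vendor fix, the two flaws described above can be mitigated along the following lines. This is an added example, not code from the advisory or from the discussion project; the function names, the "posts" table with its "id" column, and the use of PDO are assumptions.

```php
<?php
// Added example, not code from discussion 2.0 beta2. Function names, the
// "posts" table, its "id" column and the PDO handle are assumptions.

// Render [img]...[/img] only for absolute http(s) URLs.
function render_img_bbcode(string $text): string
{
    // Escape the whole post first so no raw markup survives.
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $out = preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = trim(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            // Scheme allow-list: javascript:, data: and the like are refused.
            if (!in_array($scheme, ['http', 'https'], true)
                || filter_var($url, FILTER_VALIDATE_URL) === false) {
                return '[invalid image]';
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $safe
    );
    return $out ?? $safe;
}

// Accept $view only as a positive integer, then bind it as a parameter.
function fetch_by_view(PDO $db, $view): array
{
    $id = filter_var($view, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // non-numeric input such as "9999 or 1/*" stops here
    }
    $stmt = $db->prepare('SELECT * FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: the advisory's PoC string and a benign URL.
echo render_img_bbcode('[img]javascript:alert(123)[/img]'), "\n";
echo render_img_bbcode('[img]https://example.com/a.png[/img]'), "\n";
```

The scheme allow-list addresses the [img] issue regardless of how the URL is obfuscated, and the integer check plus bound parameter keeps $view out of the SQL text entirely.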