XSS and SQL Injection in NMDeluxe
Summary
- Vulnerability: XSS and SQL Injection in NMDeluxe
- Discovered: 2006.03.06
- Last Update: 2006.03.16 Exploitation code published
- ID: EV0093
- CVE: CVE-2006-1107 CVE-2006-1108
- Risk Level: medium
- Type: Multiple Vulnerabilities
- Status: Patched
- Vendor: n/a
- Vulnerable Software: NMDeluxe (http://nmdeluxe.com/)
- Version: 1.0.0 STABLE
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the NMDeluxe (http://nmdeluxe.com/) script.
1. Cross-Site Scripting Vulnerability
Vulnerable script: news.php
The variable $post['nick'] isn't properly sanitized. This can be used to post arbitrary HTML or JavaScript code.
2. SQL Injection Vulnerability
Vulnerable script: news.php
The variable $id is not properly sanitized before being used in an SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/Exploit
1. Cross-Site Scripting Example:
URL: http://[host]/news.php?act=comments&id=1
Nick: [XSS]
2. SQL Injection Example:
http://[host]/news.php?act=comments&id=99'%20union%20select%201,2,3,4,5,6,7/*
Solution
To fix these vulnerabilities, install or upgrade to version 1.0.1.
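Both defects described above come down to an id that reaches the query unvalidated and a nick that reaches the page unescaped. The following is an added example, not NMDeluxe's code or the 1.0.1 patch: a hypothetical comments handler (schema, function names and sample rows are assumptions) that validates and binds the id and escapes the nick on output, using an in-memory SQLite database through PDO.

```php
<?php
// Added example: hypothetical comments handler, not NMDeluxe's code.
// Schema, function names and sample rows are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (news_id INTEGER, nick TEXT, body TEXT)');

// Store the nick exactly as submitted; the INSERT is parameterised as well.
function add_comment(PDO $db, int $newsId, string $nick, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (news_id, nick, body) VALUES (?, ?, ?)');
    $stmt->execute([$newsId, $nick, $body]);
}

// Accept the id only if it is a positive integer; return null otherwise.
// This does not depend on magic_quotes_gpc being on or off.
function parse_news_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the id as a typed parameter and HTML-escape every field on output.
function render_comments(PDO $db, $rawId): string
{
    $id = parse_news_id($rawId);
    if ($id === null) {
        return "<p>Invalid news id.</p>\n";
    }
    $stmt = $db->prepare('SELECT nick, body FROM comments WHERE news_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $html .= '<p><b>' . htmlspecialchars($row['nick'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed sample data: a nick containing markup, stored for news item 1.
add_comment($db, 1, '<script>alert(1)</script>', 'constructed comment');
echo render_comments($db, '1');
// The id string from the advisory's SQL injection example, URL-decoded.
echo render_comments($db, "99' union select 1,2,3,4,5,6,7/*");
```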