bitweaver <=1.3.1 [injection sql (post) & xss (post)]
vendor site: http://www.bitweaver.org/
product :bitweaver 1.3.1
bug:injection sql post & multiples xss post
risk : high
severals juicy sql error can be found in the sort_mode var ,
sql (get) :
http://localhost/bitweaver/blogs/list_blogs.php?sort_mode=-98
http://localhost/bitweaver/fisheye/list_galleries.php?sort_mode=-98
http://localhost/bitweaver/fisheye/index.php?sort_mode=-98
http://127.0.0.1/bitweaver/wiki/orphan_pages.php?sort_mode=-98
http://127.0.0.1/bitweaver/wiki/list_pages.php?find=&sort_mode=-98
XSS post :
http://localhost/bitweaver/articles/edit.php ===> xss post in message
title ( submit article )
http://localhost/bitweaver/blogs/post.php ==> xss post in message title
( blog )
http://localhost/bitweaver/wiki/edit.php?page=SandBox ==> xss post in
message description ( wiki )
those xss are pretty dangerous , like in submit article , wich is only
viewed by an administrator ,
to approve the submitted article, so he can easly get his cookie stealed .
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory.