bitweaver <=1.3.1 [injection sql (post) & xss (post)]

2007.01.15
Credit: laurent gaffi & benjamin moss
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2006-6925 | CVE-2006-6924 | CVE-2006-6923
CWE: N/A

bitweaver <=1.3.1 [injection sql (post) & xss (post)] vendor site: http://www.bitweaver.org/ product :bitweaver 1.3.1 bug:injection sql post & multiples xss post risk : high severals juicy sql error can be found in the sort_mode var , sql (get) : http://localhost/bitweaver/blogs/list_blogs.php?sort_mode=-98 http://localhost/bitweaver/fisheye/list_galleries.php?sort_mode=-98 http://localhost/bitweaver/fisheye/index.php?sort_mode=-98 http://127.0.0.1/bitweaver/wiki/orphan_pages.php?sort_mode=-98 http://127.0.0.1/bitweaver/wiki/list_pages.php?find=&sort_mode=-98 injection sql (post) : path : http://site.com/bitweaver/newsletters/edition.php Variables: bitweaver/newsletters/edition.php?tk=[SQL]&find=1&search=suchen XSS post : http://localhost/bitweaver/articles/edit.php ===> xss post in message title ( submit article ) http://localhost/bitweaver/blogs/post.php ==> xss post in message title ( blog ) http://localhost/bitweaver/wiki/edit.php?page=SandBox ==> xss post in message description ( wiki ) those xss are pretty dangerous , like in submit article , wich is only viewed by an administrator , to approve the submitted article, so he can easly get his cookie stealed . laurent gaffi & benjamin moss http://s-a-p.ca/ contact: saps.audit<img src="/imgs/at.gif" border=0 align=middle>gmail.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top