|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2323 CVE : CVE-2006-7077 CVE : CVE-2006-7076 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : David Vieira-Kurz Published : 06.03.2007
Advisory Content : [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities --------------------------------------------------------------------------- ------------- Software: Advanced Guestbook for phpBB Version: 2.4 Type: Cross site scripting + SQL Injection Made public: July, 22th 2006 Author: Dreamy and Kooky Page: http://www.phpbbhacks.com/viewhack.php?id=966 Credits: ---------------------------------------------- Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original Advisory: ---------------------------------------------- http://www.majorsecurity.de/advisory/major_rls25.txt Affected Products: ---------------------------------------------- Advanced Guestbook for phpBB 2.4 Description: ---------------------------------------------- Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handling, smilies, advanced guestbook codes and language support. The admin script lets you modify, view, and delete messages. Requires PHP4 and MySQL. Requirements: ---------------------------------------------- register_globals = On Vulnerabilities: ---------------------------------------------- XSS: Input passed directly to the "entry" parameter in "guestbook.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. It works with a script code like this: <span class="quotelev1">>"><script%20%0a%0d>alert(123456789)%3B</script> </span> SQL Injection: Input passed directly to the "entry" parameter in "guestbook.php" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Solution: ---------------------------------------------- Edit the source code to ensure that input is properly sanitised. You should work with "htmlspecialchars()" or "htmlentities()" php-function to ensure that html tags are not going to be executed. You should also work with the "intval()" php-function to ensure that the input is numeric. Example: <?php $pass = htmlentities($_POST['pass']); echo htmlspecialchars("<script"); $id = intval($_POST['id']); ?> Set "register_globals" to "Off".  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |