New eVuln Advisory:
discussion - xhawk.net BBCode 'img' XSS & SQL Injection Vulnerabilities
http://evuln.com/vulns/92/summary.html
--------------------Summary----------------
eVuln ID: EV0092
Vendor: xhawk.net
Vendor's Web Site: http://xhawk.net
Software: discussion
Sowtware's Web Site: http://xhawk.net/projects/discussion/
Versions: 2.0 beta2
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
-----------------Description---------------
BBCode tag [img] isn't properly sanitized. This can be used to insert arbitrary JavaScript code. This code
will be executed by visitor's browser in context of the affected site.
Vulnerable script: discussion.classβ¦php
Variable $view isn't properly sanitized before being used in the SQL query. This can be used to make any SQL
query by injecting arbitrary SQL code.
--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/92/exploit.html
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.