Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

[Full-disclosure] CMS Made Simple: SQL injection

Disable website access for sites running Webspeed

Post Nuke v4bJournal Module Sql Inject

12All File Upload Vulnerability

From:	r0t <krustevs_(at)_googlemail.com>
Date:	3 мая 2007 г.
Subject:	FileRun Vuln.

FileRun Vuln.
###############################################
Vuln. discovered by : r0t
Date: 2 May  2007
vendor:http://filerun.dreamhosters.com/
orginal advisory:http://pridels.blogspot.com/2007/05/filerun-vuln.html
affected versions: 1.0 and previous
###############################################

1.
FileRun contains a flaw that allows a remote sql injection
attacks.Input passed to the "fid" parameter isn't properly sanitised
before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2.
FileRun contains a flaw that allows a remote Cross-Site Scripting
attacks.Input passed to the "page","module","section"  isn't properly
sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################