H - Security Labs
Falt4Extreme (RC4 10.9.2007) Security Report
ID : HSEC#20071012
Name : Falt4Extreme CMS (RC4 10.9.2007)
Vendor HomePage :http://sourceforge.net/projects/falt4/
Platforms : PHP && MySQL
Vulnerability Type : Input Validation Errors
04 December 2007 – Vendor Contacted
04 December 2007 – Vendor Replied
05 December 2007 – Fix Released
10 December 2007 – Pulic Disclosure
Falt4 CMS is a business approved Content Management System (CMS) under the LGPL. The CMS is feature-rich and has a clean
administration area. The ultimate CMS with functions for the professional, usable by everyone.CMS modules are available.
The script is vulnerable to both of XSS and Blind SQL Injection attacks.
1-Blind SQL Injection Vulnerability:
http://www.EXAMPLE.com/falt4/
index.php?handler=cat&nav_ID=1'%20and%20'1'='1
nav_ID parameter is not sanitized properly and can be used for Blind SQL Injection attacks.
2-Cross Site Scripting Vulnerabilities
i.http://www.EXAMPLE.com/falt4/
index.php?handler=>">&nav_ID=1
Input passed to the 'handler' parameter is not sanitized properly before using and can be used malicious people to
perform XSS attacks.
ii .http://www.EXAMPLE.com/falt4/
modules/feed/feed.php?type=rss&lang=1&topic=>">
Input passed to the 'topic' parameter is not sanitized properly before using and can be used malicious people to perform
XSS attacks.
The vulnerabilities found on 04 December 2007
by Mesut Timur
H - Security Labs , http://www.h-labs.org
Gebze Institute of Technology,
Department of Computer Engineering, http://www.gyte.edu.tr
Vendor Confirmation : http://sourceforge.net/forum/forum.php?forum_id=762931
Original Advisory : http://www.h-labs.org/blog/2007/12/05/falt4_cms_security_report_advisory.html
Project Site : http://sourceforge.net/projects/falt4/
Me : http://www.h-labs.org
Your smile counts. The more smiles you share, the more we donate. Join in.
www.windowslive.com/smile?ocid=TXT_TAGLM_Wave2_oprsmilewlhmtagline