Информационная безопасность
[RU] switch to English


Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:14 февраля 2007 г.
Источник:
SecurityVulns ID:7236
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:JUPITERPORTAL : Jupiter Cms 1.1
 WEBTESTER : WebTester 5.0
CVE:CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter.)
 CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.)
 CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action.)
 CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.)
 CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.)
 CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.)
 CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.)
 CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.)
 CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.)
Оригинальный текстdocumentMoran Zavdi, WebTester 5.0.2 sql injection and XSS vulnerabilities (14.02.2007)
 documentgmdarkfig_(at)_gmail.com, Jupiter CMS 1.1.5 Multiple Vulnerabilities (14.02.2007)
 documentShaFuq31_(at)_HoTMaiL.CoM, Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ. (14.02.2007)
Файлы:Jupiter CMS SQL Injection Vulnerability (POC #1)
 Jupiter CMS File Upload Vulnerability (POC #2)
 Jupiter CMS "Logged Guest" XSS Vulnerability (POC #3)
 PhpSploit Class

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород