hozarares Posted December 5, 2009 Report Posted December 5, 2009 ##################################################################################################################################### ___ ___ _ _____ __ _ ## / _ \ / _ \| | | __ \ / _| | | ## _ __| | | | | | | |_| | | | ___| |_ __ _ ___ ___ __| | ## | '__| | | | | | | __| | | |/ _ \ _/ _` |/ __/ _ \/ _` | ## | | | |_| | |_| | |_| |__| | __/ || (_| | (_| __/ (_| | ## |_| \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_| ## ## ## +-+-+-+-+ ## |C|r|e|w| ## +-+-+-+-+ ###################################################################################################################################### [#] Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities ## [#] Discovered By c0dy ## [#] r00tDefaced | (In)Security Syndicate - Powered by vBulletin ## [#] Greetz: sHoKeD-bYte, syst0x1c & r00tDefaced Members ##################################################################### [1]-Cross Site Scripting## Vulnerability Description:# Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code #injection by malicious web users into the web pages viewed by other users.## Affected items:# http://127.0.0.1/community/thread.php?start=[XSS] # http://127.0.0.1/community/thread.php?forum=[XSS]# http://127.0.0.1/community/thread.php?cat=[XSS] # http://127.0.0.1/community/forum.php?start=[XSS] # http://127.0.0.1/community/forum.php?cat=[XSS]# http://127.0.0.1/blog/index.php?start=[XSS]### Exemple: <script>alert(document.cookie)</script> ## The Risk:# By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.## Fix the vulnerability:# * Encode output based on input parameters.# * Filter input parameters for special characters.# * Filter output based on input parameters for special characters...#################################################################### [2]-SQL injection## Vulnerability Description:# SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.## Affected items:# http://127.0.0.1/community/forum.php?start=[sql Injection] # http://127.0.0.1/community/thread.php?start=[sql Injection]# http://127.0.0.1/blog/index.php?start=[sql Injection]# # Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]## The Risk:# By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database.## Fix the vulnerability:# To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used #(preferred), or user input must be carefully escaped or filtered.#################################################################################################################################### r00tDefaced [2009-12-01] Quote
