All Enthusiast ReviewPost PHP Pro Multiple Input Validation Vulnerabilities
BID:12159
Info
All Enthusiast ReviewPost PHP Pro Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 12159 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 04 2005 12:00AM |
| Updated: | Jan 04 2005 12:00AM |
| Credit: | Discovery is credited to James Bercegay of the GulfTech Security Research Team. |
| Vulnerable: |
All Enthusiast Inc ReviewPost PHP Pro 2.5.1 All Enthusiast Inc ReviewPost PHP Pro 2.5 All Enthusiast Inc ReviewPost PHP Pro 1.0.2 |
| Not Vulnerable: | |
Discussion
All Enthusiast ReviewPost PHP Pro Multiple Input Validation Vulnerabilities
ReviewPost PHP Pro is reported to be prone to multiple vulnerabilities resulting from improper input validation. Remote attacks can carry out SQL injection, cross-site scripting attacks as well as upload arbitrary files to a vulnerable server.
All versions of ReviewPost PHP Pro are reported prone to these issues.
ReviewPost PHP Pro is reported to be prone to multiple vulnerabilities resulting from improper input validation. Remote attacks can carry out SQL injection, cross-site scripting attacks as well as upload arbitrary files to a vulnerable server.
All versions of ReviewPost PHP Pro are reported prone to these issues.
Exploit / POC
All Enthusiast ReviewPost PHP Pro Multiple Input Validation Vulnerabilities
An exploit is not required.
The following proof of concept examples are available:
http://path/showcat.php?si=[XSS]
http://path/showproduct.php?product=[INT]&sort=[INT]&cat=[INT][XSS]
http://path/showproduct.php?product=[INT]&sort=[INT]&cat=[INT]&page=[INT][XSS]
http://path/reportproduct.php?report=[INT][XSS]
http://path/showcat.php?cat=[INT][SQL]
http://path/addfav.php?product=[INT][SQL]&do=add
([INT] represents a valid integer number, [SQL] represents valid SQL syntax, and [XSS] represents the cross-site scripting attack data)
An exploit is not required.
The following proof of concept examples are available:
http://path/showcat.php?si=[XSS]
http://path/showproduct.php?product=[INT]&sort=[INT]&cat=[INT][XSS]
http://path/showproduct.php?product=[INT]&sort=[INT]&cat=[INT]&page=[INT][XSS]
http://path/reportproduct.php?report=[INT][XSS]
http://path/showcat.php?cat=[INT][SQL]
http://path/addfav.php?product=[INT][SQL]&do=add
([INT] represents a valid integer number, [SQL] represents valid SQL syntax, and [XSS] represents the cross-site scripting attack data)
Solution / Fix
All Enthusiast ReviewPost PHP Pro Multiple Input Validation Vulnerabilities
Solution:
It is reported that version 2.84 of the affected package has been released by the vendor to address these issues. This has not been confirmed. Users of affected packages should contact the vendor for further information on obtaining fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that version 2.84 of the affected package has been released by the vendor to address these issues. This has not been confirmed. Users of affected packages should contact the vendor for further information on obtaining fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
All Enthusiast ReviewPost PHP Pro Multiple Input Validation Vulnerabilities
References:
References:
- ReviewPost PHP Pro (All Enthusiast Inc)
- Serious Vulnerabilities In PhotoPost ReviewPost ("GulfTech Security"
)