CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities
BID:12852
Info
CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities
| Bugtraq ID: | 12852 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0857 CVE-2005-0858 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of these issues is credited to Romano <[email protected]>. |
| Vulnerable: |
CoolForum CoolForum 0.8 CoolForum CoolForum 0.7.3 CoolForum CoolForum 0.7.2 CoolForum CoolForum 0.5.2 beta CoolForum CoolForum 0.5.1 beta CoolForum CoolForum 0.5 beta |
| Not Vulnerable: | |
Discussion
CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities
Multiple remote input validation vulnerabilities affect CoolForum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.
Multiple SQL injection vulnerabilities have been reported and a cross-site scripting vulnerability is also reported.
An attacker may leverage these issues to manipulate and view arbitrary database contents by exploiting the SQL injection issues, and to have arbitrary script code executed in the browser of an unsuspecting user by exploiting the cross-site scripting vulnerabilities.
Multiple remote input validation vulnerabilities affect CoolForum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.
Multiple SQL injection vulnerabilities have been reported and a cross-site scripting vulnerability is also reported.
An attacker may leverage these issues to manipulate and view arbitrary database contents by exploiting the SQL injection issues, and to have arbitrary script code executed in the browser of an unsuspecting user by exploiting the cross-site scripting vulnerabilities.
Exploit / POC
CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities
The following examples are available:
avatar.php?img=<script>alert(document.cookie)</script>
http://www.example.com/register.php?action=confirm&login='or 1=1 into outfile '/var/www/html/cf_users_with_magic_quotes_on.txt
The following examples are available:
avatar.php?img=<script>alert(document.cookie)</script>
http://www.example.com/register.php?action=confirm&login='or 1=1 into outfile '/var/www/html/cf_users_with_magic_quotes_on.txt
Solution / Fix
CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities
Solution:
It is reported that the vendor has addressed these vulnerabilities in CoolForum version 0.8.1. This is not confirmed; customers are advised to contact the vendor regarding obtaining and applying appropriate updates.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that the vendor has addressed these vulnerabilities in CoolForum version 0.8.1. This is not confirmed; customers are advised to contact the vendor regarding obtaining and applying appropriate updates.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
CoolForum Cross-Site Scripting And SQL Injection Vulnerabilities
References:
References:
- CoolForum Home Page (CoolForum)