Messageriescripthp Multiple Input Validation Vulnerabilities
BID:21513
Info
| Bugtraq ID: | 21513 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-6521 CVE-2006-6520 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 09 2006 12:00AM |
| Updated: | Jul 06 2007 08:47PM |
| Credit: | Mr_KaLiMaN is credited with the discovery of these vulnerabilities. |
| Vulnerable: | SCRIPTPHP Messageriescripthp 2.0 |
| Not Vulnerable: | |
Discussion
Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Messageriescripthp V2.0 is vulnerable to these issues.
Exploit / POC
To exploit the cross-site scripting issue:
An attacker can exploit this issue by enticing an unsuspecting user into following a malicious URI.
The following proof-of-concept URIs are available:
http://www.example.com//[script_messagerie_path]/existepseudo.php?pseudo=[XSS]
http://www.example.com/[script_messagerie_path]/existeemail.php?email=[XSS]
http://www.example.com/[script_messagerie_path]/Contact/contact.php?pageName=</title>[XSS]
http://www.example.com/[script_messagerie_path]/Contact/contact.php?cssform=">[XSS]<foo
To exploit a SQL-injection issue:
An attacker can exploit these issues via a web client.
The following proof-of-concept URIs are available:
http://www.example.com/[script_messagerie_path]/lire-avis.php?aa=[SQL INJECTION]
http://www.example.com/[script_messagerie_path]/membre/fiche_tousmembres.php?recordID=0 UNION SELECT
null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null FROM
etc...#
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
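With no vendor patch listed, web server access logs are one place to check for requests against the affected scripts. The following is an added example, not code from the advisory or the vendor: it checks the parameters named in the proof-of-concept URIs. The allowlist rules (digits only for `aa` and `recordID`, no markup characters in the other four), the log format and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Script/parameter pairs taken from the advisory's proof-of-concept URIs.
# The check assigned to each pair is an assumption, not vendor guidance.
WATCHED = {
    ("existepseudo.php", "pseudo"): "markup",
    ("existeemail.php", "email"): "markup",
    ("Contact/contact.php", "pageName"): "markup",
    ("Contact/contact.php", "cssform"): "markup",
    ("lire-avis.php", "aa"): "numeric",  # assumed to be a numeric id
    ("membre/fiche_tousmembres.php", "recordID"): "numeric",
}
REQUEST = re.compile(r'"[A-Z]+ (.+?) HTTP/[\d.]+"')  # request line; raw spaces allowed
MARKUP = re.compile(r'[<>"\']')   # characters that can break out of an HTML context
NUMERIC = re.compile(r"\d{1,10}")  # plain decimal record id

def suspicious_params(log_line):
    """Return (script, parameter, decoded value) for each watched
    parameter in the request that fails its allowlist check."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    path, _, query = match.group(1).partition("?")
    hits = []
    # parse_qsl percent-decodes once; double-encoded values are not unwrapped.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for (script, param), kind in WATCHED.items():
            if name != param or not path.endswith("/" + script):
                continue
            if kind == "markup":
                bad = MARKUP.search(value) is not None
            else:
                bad = NUMERIC.fullmatch(value) is None
            if bad:
                hits.append((script, name, value))
    return hits

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2006:10:00:00 +0000] "GET /msg/existepseudo.php?pseudo=alice HTTP/1.1" 200 12',
    '203.0.113.9 - - [10/Dec/2006:10:00:05 +0000] "GET /msg/existepseudo.php?pseudo=%3Cx HTTP/1.1" 200 12',
    '203.0.113.9 - - [10/Dec/2006:10:00:09 +0000] "GET /msg/membre/fiche_tousmembres.php?recordID=0+UNION+SELECT+null HTTP/1.1" 200 80',
    '203.0.113.5 - - [10/Dec/2006:10:01:00 +0000] "GET /msg/membre/fiche_tousmembres.php?recordID=42 HTTP/1.1" 200 80',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_params(line):
            print(hit)
```

The same allowlist rules can be enforced in front of the application (for example in a reverse proxy) as a compensating control until the scripts themselves validate their input.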
References
References:
- Messageriescripthp Homepage (SCRIPTPHP)
- Messageriescripthp V2.0 XSS & SQL Injection (Mr_KaLiMaN)