PHPList SQL Injection and Cross Site Scripting Vulnerabilities
BID:52657
Info
| Bugtraq ID: | 52657 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-2741, CVE-2012-2740 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2012 12:00AM |
| Updated: | Jun 19 2012 07:40AM |
| Credit: | Gjoko Krstic |
| Vulnerable: | PHPList PHPList 2.10.17 |
| Not Vulnerable: | PHPList PHPList 2.10.18 |
Discussion
PHPList is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.
Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHPList 2.10.17 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit the SQL-injection issue. The attacker must trick an unsuspecting victim into following a malicious URI to exploit the cross-site scripting issue.
The following example URIs are available:
http://www.example.com/public_html/lists/admin/?blacklisted=1&change=Vai&find=&findby=email&id=0&page=users&sortorder=desc&start=0&unconfirmed=1&sortby=1[SQL]
http://www.example.com/public_html/lists/admin/?num=[XSS]&option=bounces&page=reconcileusers
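For defenders reviewing web server logs, the following added example (not part of the advisory and not phpList code) flags requests to the admin pages named above whose `sortby` or `num` values are not plain identifiers or integers. The accepted value shapes, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed-safe shapes (not taken from phpList's source): a sort key is a short
# identifier or number, and num is a plain integer. Empty values are allowed.
SAFE_SORTBY = re.compile(r"[A-Za-z0-9_]{0,32}")
SAFE_NUM = re.compile(r"\d{0,10}")

# Request target in a common/combined access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return (parameter, decoded_value) findings for one request target."""
    parts = urlsplit(target)
    if "/lists/admin" not in parts.path:
        return []
    # parse_qs percent-decodes values, so encoded payloads are checked decoded.
    query = parse_qs(parts.query, keep_blank_values=True)
    page = query.get("page", [""])[-1]
    findings = []
    if page == "users":
        for value in query.get("sortby", []):
            if not SAFE_SORTBY.fullmatch(value):
                findings.append(("sortby", value))
    elif page == "reconcileusers":
        for value in query.get("num", []):
            if not SAFE_NUM.fullmatch(value):
                findings.append(("num", value))
    return findings

def scan_log(lines):
    """Yield (line_number, parameter, decoded_value) for suspicious requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for param, value in check_request(match.group(1)):
                yield number, param, value

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2012:10:00:01 +0000] "GET /lists/admin/?page=users&sortby=email&sortorder=desc HTTP/1.1" 200 5120',
    '192.0.2.11 - - [21/Mar/2012:10:00:07 +0000] "GET /lists/admin/?page=users&start=0&sortby=1%27 HTTP/1.1" 200 312',
    '192.0.2.12 - - [21/Mar/2012:10:00:09 +0000] "GET /lists/admin/?num=%3Cb%3E&option=bounces&page=reconcileusers HTTP/1.1" 200 2048',
    '192.0.2.13 - - [21/Mar/2012:10:00:12 +0000] "GET /lists/admin/?num=50&option=bounces&page=reconcileusers HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A hit is a prompt to review the request, not proof of exploitation; parameters sent in POST bodies do not appear in access logs and are not covered.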
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- New stable version 2.10.18 (phpList)
- PHPList Homepage (PHPList)
- phpList 2.10.17 Remote SQL Injection and XSS Vulnerability (Gjoko Krstic)