Bioly 'index.php' Cross Site Scripting and SQL Injection Vulnerabilities

Bugtraq ID:	53018
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 16 2012 12:00AM
Updated:	Apr 16 2012 12:00AM
Credit:	T0xic
Vulnerable:	Bioly Bioly 1.3
Not Vulnerable:

Bioly 'index.php' Cross Site Scripting and SQL Injection Vulnerabilities

Bioly is prone to multiple SQL-injection and cross-site scripting vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Bioly 1.3 is vulnerable; other versions may also be affected.

Bioly 'index.php' Cross Site Scripting and SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser. To exploit cross-site scripting issues, the attacker must entice an unsuspecting victim to follow a malicious URI.

The following example data is available:

• /data/vulnerabilities/exploits/53018.txt

Bioly 'index.php' Cross Site Scripting and SQL Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Bioly 'index.php' Cross Site Scripting and SQL Injection Vulnerabilities

References:

• Bioly Homepage (Bioly)