RTTucson Quotations Database Cross Site Scripting and Multiple SQL Injection Vulnerabilities
BID:58039
Info
RTTucson Quotations Database Cross Site Scripting and Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 58039 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2013 12:00AM |
| Updated: | Feb 19 2013 12:00AM |
| Credit: | 3spi0n |
| Vulnerable: |
rttucson Quotations Database 0 |
| Not Vulnerable: | |
Discussion
RTTucson Quotations Database Cross Site Scripting and Multiple SQL Injection Vulnerabilities
RTTucson Quotations Database is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
RTTucson Quotations Database is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
RTTucson Quotations Database Cross Site Scripting and Multiple SQL Injection Vulnerabilities
Attackers can use a browser to exploit these issues. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting user into following a malicious URI.
The following example URIs are available:
To exploit the SQL-injection issue:
http://www.example.com/quotations/author.php?ID=5' (MySQLi Found)
http://www.example.com/quotations/category_quotes.php?ID=9' (MySQLi Found)
To exploit the cross-site scripting issue:
http://www.example.com/quotations/quote_search.php?keywords=<h1>Xssed-3spi0n</h1>
Attackers can use a browser to exploit these issues. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting user into following a malicious URI.
The following example URIs are available:
To exploit the SQL-injection issue:
http://www.example.com/quotations/author.php?ID=5' (MySQLi Found)
http://www.example.com/quotations/category_quotes.php?ID=9' (MySQLi Found)
To exploit the cross-site scripting issue:
http://www.example.com/quotations/quote_search.php?keywords=<h1>Xssed-3spi0n</h1>
Solution / Fix
RTTucson Quotations Database Cross Site Scripting and Multiple SQL Injection Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RTTucson Quotations Database Cross Site Scripting and Multiple SQL Injection Vulnerabilities
References:
References:
- RTTucson Homepage (Robert Temple)