Multiple Vulnerabilities in PHP Surveyor

thegreatone2176yahoo.com
Date: Tue Jul 19 2005 - 21:08:10 CDT


-----------------------------------------------------------
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable
------------------------------------------------------------

Summary:

PHP Surveyor is vulnerable to many SQL injection, cross-site scripting, and path disclosure issues.

Details:

root directory
--------------

question.php, survey.php, group.php - all give path disclosure

admin directory
--------------

browse.php - sid, start, and id parameters all vulnerable to injection and xss, no parameter gives sql error.

dataentry.php - sid sql injection and xss

export.php - sid sql injection and xss, no parameter gives sql error.

database.php - straight to page gives path disclosure.

dumpquestion.php - qid=' gives multiple path disclosures.

admin.php - sid parameter sql injection

labels.php - lid parameter sql injection and path disclosure

dumplabel.php - lid parameter sql injection and path disclosure

sessioncontrol.php - straight to page gives path disclosure

html.php - straight to page gives path disclosure

conditions.php - no parameter sql error, sql injection on sid parameter

spss.php - no parameter sql error, sql inject on sid parameter

deletesurvey.php - sql inject with sid when ok=Y

dumpsurvey.php - sid sql injection

statistics.php - sid sql injection

-------------------------------

Solution:

Cleanse all user input before processing to stop injections, and check that parameters are
present before processing to stop sql errors and path disclosure.
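
A sketch of that fix for an integer id parameter such as sid, lid or qid, added here as an example and not taken from PHP Surveyor's code. The surveys table, its columns and the function names are hypothetical, and it assumes PHP 7.1+ with the pdo_sqlite extension for the in-memory demo.

```php
<?php
// Added example, not PHP Surveyor code. Table, column and function names are hypothetical.

// Return a positive integer from $source[$name], or null if it is missing or invalid.
function require_int_param(array $source, string $name): ?int
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;                        // absent, or an array such as sid[]=1
    }
    $value = filter_var($source[$name], FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// Look up a survey title with a bound parameter; the id never enters the SQL text.
function find_survey_title(PDO $db, int $sid): ?string
{
    $stmt = $db->prepare('SELECT title FROM surveys WHERE sid = :sid');
    $stmt->execute([':sid' => $sid]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// Handle one request: check presence, validate, query, then encode for HTML output.
function render_survey(PDO $db, array $get): string
{
    $sid = require_int_param($get, 'sid');
    if ($sid === null) {
        return 'Invalid or missing survey id.';   // generic text, no SQL error or path
    }
    $title = find_survey_title($db, $sid);
    if ($title === null) {
        return 'Survey not found.';
    }
    return '<h1>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Constructed demo data in an in-memory SQLite database.
ini_set('display_errors', '0');   // keep error text and file paths out of responses
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE surveys (sid INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO surveys VALUES (1, 'Lunch <b>poll</b>')");

echo render_survey($db, ['sid' => '1']), "\n";   // valid id, title is HTML-encoded
echo render_survey($db, ['sid' => "1'"]), "\n";  // malformed id is rejected before any query
echo render_survey($db, []), "\n";               // missing parameter handled without an SQL error
```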

Credit:

tgo thegreatone2176yahoo.com

Greets:

smooth_operator and zith