|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Sql injection in RunCMS
From: Omid (omid
hackers.ir)
Date: Thu Sep 07 2006 - 00:09:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
There are several sql injections in RunCMS 1.4.1 (and maybe before versions) :
The "uid" parameter in /class/sessions.class.php, is not checked correctly,
which can cause 2 sql injections .
Also, "timezone_offset" and "umode" parameters in /class/xoopsuser.php,
can make sql injections in 2 queries .
Fixpacks can be downloaded from RunCms official website :
http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5
The original advisory (in Persian) is located at :
http://www.hackers.ir/advisories/runcms.html
- Omid
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]