[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS bugs and SQL injection in sNews

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS bugs and SQL injection in sNews
From: Alexander Hristov <joffer@xxxxxxxxx>
Date: Tue, 14 Feb 2006 18:25:13 +0200

Official page : http://www.solucija.com/home/snews/

XSS in comments :

just post some comment with <script>alert('XSS TEST by
securitydot.net');</script>
                        
FIX : put this on 423 line
$r = str_replace ("<","&lt",$r);
                $r = str_replace (">","&lg",$r);

Injection through categories : index.php?category=1%20or%201=2

FIX : put this on 313 line
if (ereg('^[0-9]*$' , $category))

Injection through id : index.php?id=0%20or%201=2

FIX : put this on 175 line
if (ereg('^[0-9]*$' , $id)) {

--
Securitydot.net
joffer and DrFrancky

Prev by Date: dotproject <= 2.0.1 remote code execution
Next by Date: memory leak in IE?
Previous by thread: Re: dotproject <= 2.0.1 remote code execution
Next by thread: memory leak in IE?
Index(es):
- Date
- Thread