News Script PHP v1.2 multiple defects and repair

Source: Internet
Author: User
Tags script php

Title: News Script PHP v1.2-Multiple Web Vulnerabilites
Impact System
7.5
 
Introduction:
==================
Visitors to your website will be able to read news, articles, interviews and stories which you have posted
Specific introduction can see here: http://www.newsscriptphp.com)
 
 
Abstract:
==========
News Script PHP v1.2 CMS multiple vulnerabilities discovered
Technical analysis:
==========
1.1
Multiple SQL Injection vulnerabilities are detected in the News Script PHP 1.2 Content Management System.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own
SQL commands on the affected application dbms without user inter action. Successful exploitation of
Vulnerability results in dbms & application compromise. The vulnerabilities are located in admin. php &
Preview. php file and bound values like orderBy & id.
 
Vulnerable File (s ):
[+] Preview. php
[+] Admin. php
 
Vulnerable Parameter (s ):
[+] Id
[+] OrderBy
 
 
1.2
Multiple non persistent cross site scripting vulnerabilities are detected in the News Script PHP 1.2 Content Management System.
The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required
User inter action or local low privileged user account. Successful exploitation can result in account steal, phishing
& Client-side content request manipulation. The vulnerabilities are located in the preview. php and admin. php files and
Bound values like search, ordertype, orderby & act.
 
Vulnerable File (s ):
[+] Preview. php
[+] Admin. php
 
Vulnerable Parameter (s ):
[+] Search
[+] OrderType
[+] OrderBy
[+] Act
 
 
Test proof:
========================
1.1
The SQL injection vulnerabilities can be exploited without required user inter action with privileged user account.
For demonstration or reproduce...
 
PoC:
Http: // MAID: 1338/news/preview. php? Id = [SQL-INJECTION]
Http://www.bkjia.com/news/preview. php? P = [SQL-INJECTION]
Http: // FIG: 1338/news/admin. php? Act = news & orderType = [ASC/DESC] & search = & orderBy = [SQL-INJECTION]
 
 
1.2
The non persistent input validation vulnerabilities can be exploited by remote attackers with medium or high required
User inter action & without privileged user account. For demonstration or reproduce...
 
PoC:
Http: // MAID: 1338/news/preview. php? Id = '14 & p = '& search = [cross site scripting]
Http: // FIG: 1338/news/admin. php? Act = news & orderType = '[cross site scripting]
Http://www.bkjia.com/news/admin. php? Act = news & orderType = [cross site scripting] & search = & orderBy = [cross site scripting]
Http: // MAID: 1338/news/preview. php? Act = news & orderType = [cross site scripting]
 
 
Risk:
=====
1.1
The security risk of the SQL injection vulnerabilities are estimated as hard
 
1.2
The security risk of the input validation vulnerabilities are estiamted as low (+)
 
VULNERABILITY RESEARCH LABORATORY TEAM
Web: www.vulnerability-lab.com
Mail: research@vulnerability-lab.com

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.