[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Multiple Vulnerabilities in PHP Surveyor
From: thegreatone2176 () yahoo ! com
Date: 2005-07-20 2:08:10
Message-ID: 20050720020810.24925.qmail () securityfocus ! com
[Download RAW message or body]
-----------------------------------------------------------
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable
------------------------------------------------------------
Summary:
PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures.
Details:
root directory
--------------
question.php, survey.php, group.php - all give path disclosure
admin directory
--------------
browse.php - sid, start, and id parametereters all vulnerable to injection and xss, no
parametereter gives sql error.
dataentry.php - sid sql injection and xss
export.php - sid sql injection and xss, no parametereter gives sql error.
database.php - straight to page gives path disclosure.
dumpquestion.php - qid=' gives multiple path disclosures.
admin.php - sid parameter sql injection
labels.php - lid parameter sql injection and path disclosure
dumplabel.php - lid parameter sql injection and path disclosure
sessioncontrol.php - straight to page gives path disclosure
html.php - straight to page gives path disclosure
conditions.php - no parameter sql error, sql injection on sid parameter
spss.php - no parameter sql error, sql inject on sid parameter
deletesurvey.php - sql inject with sid when ok=Y
dumpsurvey.php - sid sql injection
statistics.php - sid sql injection
-------------------------------
Solution:
Cleanse all user input before processing to stop injections, check to make sure parameters are
present before processing to stop sql errors and path disclosure.
Credit:
tgo thegreatone2176@yahoo.com
Greets:
smooth_operator and zith
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic