Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities

from [alex] Network Security [Permanent Link]
Subject: [eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities
Date: 26 Apr 2006 06:15:01 -0000 
New eVuln Advisory:
warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities
http://evuln.com/vulns/125/summary.html

--------------------Summary----------------
eVuln ID: EV0125
CVE: CVE-2006-1817 CVE-2006-1818
Software: warforge.NEWS
Sowtware's Web Site: http://www.thewarforge.com/
Versions: 1.0
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable script: authcheck.php

Cookie variable $_COOKIE[authusername] is not properly sanitized before being 
used in SQL query. This can be used to bypass authentication or make any SQL 
query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/125/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities, alex <=
Previous by Date:  Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow, Secunia Research
Next by Date:  SQL Injection On DUportal, outlaw
Previous by Thread:  Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow, Secunia Research
Next by Thread:  SQL Injection On DUportal, outlaw
Indexes:  [Date] [Thread] [Top] [All Lists]