exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Elgg 1.7.10 Cross Site Scripting / SQL Injection

Elgg 1.7.10 Cross Site Scripting / SQL Injection
Posted Aug 18, 2011
Authored by Aung Khant | Site yehg.net

Elgg versions 1.7.10 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 961818c84c8d6b317250aaf6af077b2dac4da20fc5d7e48417f4ddb4ba6cee65

Elgg 1.7.10 Cross Site Scripting / SQL Injection

Change Mirror Download
1. OVERVIEW

The Elgg 1.7.10 and lower versions are vulnerable to Cross Site
Scripting and SQL Injection.


2. BACKGROUND

Elgg is an award-winning social networking engine, delivering the
building blocks that enable businesses, schools, universities and
associations to create their own fully-featured social networks and
applications. Well-known Organizations with networks powered by Elgg
include: Australian Government, British Government, Federal Canadian
Government, MITRE, The World Bank, UNESCO, NASA, Stanford University,
Johns Hopkins University and more (http://elgg.org/powering.php)


3. VULNERABILITY DESCRIPTION

The "internalname" parameter is not properly sanitized, which allows
attacker to conduct Cross Site Scripting attack. This may allow an
attacker to create a specially crafted URL that would execute
arbitrary script code in a victim's browser. The "tag_names" is not
properly sanitized, which allows attacker to conduct SQL Injection
attack.


4. VERSIONS AFFECTED

Elgg 1.7.10 <=


5. PROOF-OF-CONCEPT/EXPLOIT

- Cross Site Scripting

http://localhost/pg/embed/media?internalname=%20%22onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22%20x=%22

- SQL Injection > Info Disclosure

http://localhost/pg/search/?q=SQLin&search_type=tags&tag_names=location%27


6. SOLUTION

Upgrade to 1.7.11 or higher.


7. VENDOR

Curverider Ltd
http://www.curverider.co.uk/
http://elgg.org/


8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2011-08-01: vulnerability reported
2011-08-15: vendor released fixed version
2011-08-18: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[elgg_1710]_xss_sqlin
Project Home: http://elgg.org/
Vendor Release Note:
http://blog.elgg.org/pg/blog/brett/read/189/elgg-1711-released



#yehg [2011-08-18]
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close