Noah's Classifieds are vulnerable to SQL injection and cross site scripting attacks. Flaws have been tested against version 1.3, others are possibly susceptible.
b21191938f5736056e15f4aa58436add6c1d9b62381134c041dd63af99a74b51Software: phpoutsourcing Noah's classifieds
Vendor: http://classifieds.phpoutsourcing.com/
Version: all versions
Bug: SQL injection & XSS
Exploitation: Remote with browser
-------------------------------------------------------------------------------------
Introduction:
Noah' Classifieds is a general purpose application
that allows you to set up as many ad categories as you
want specifying custom fields for each of them.
vulnerability:
Several scripts do not properly validate user-supplied
input. A remote user can create specially crafted
parameter values that will execute SQL commands on the
underlying database.A remote user can create a
specially crafted URL that, when loaded by a target
user, will cause arbitrary scripting code to be
executed by the target user's browser. As a result,
the code will be able to access the target user's
cookies.
IN this cases, The rollid parameter is vulnerable.
-----------------------------
SQL Injection:
Demonstration exploit URL
http://localhost/classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4'
The vulnerability is easy to exploit for example
"Search" & "forgotten password" pages might be used to
explot with simple ' (%27)
-All versions are vulnerable-
-------------------------------
XSS:
Demonstration exploit URL
http://localhost/classifieds/index.php?methode=showdetails&list=Advertisment&rollid=4'<script>alert(document.cookie)</script>
Username and hashed password set by cookie so Customer
cookies may be compromised. The attacker may be able
to pose as a legitimate user to view and alter user
records, and perform transactions as that user.
-Just tested on classified 1.3 (the last release)-
-------------------------------
Solution:
There is not any vendor-supplied patch at this time.
-------------------------------
Credits:
Discovered & released by trueend5
[ Security Researchers Institute Of Iran <KAPDA.ir> in
association with iraNNetjob.com]
Original advisory: http://www.irannetjob.com/index.php?option=com_content&task=view&id=122&Itemid=28
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed