SQLiteManager version 1.2.0 suffers from local file inclusion and multiple cross site scripting vulnerabilities.
0801568530feffe7fc7f87e429113facaddaa00f9cb11a79d66f5f6bea21c0cdSQLiteManager v1.2.0 Multiple Vulnerabilities
-------------------------------------------------------
vendor : http://www.sqlitemanager.org/
Global risk : High
-------------------------------------------------------
SQLite is a SQL managed portal like PhpMyAdmin.
Multiple Cross Scripting Vulnerabilities
-----------------------------------------
In main.php the database name field is vulnerable to a XSS attack.
This xss is permanent, if a user with restricted rights creates a
table with as name a malicious code the administrator gone get his
cookie stealed when he opens SqliteManager's index. The same things
happens for the table's name field if a malicious code is inserted.
The solution is then to use htmlentities().
others vulnerables fields to XSS attacks :
main.php :
............... ViewName
............... view
............... trigger
............... function
............... (...)
Theses vulnerabilities are presents in others pages too.
Here too the better solution is to use htmlentities().
reference : www.php.net/htmlentities
Locale File Include
-------------------
GET /home/sqlite/ HTTP/1.0
[...]
Cookie: PHPSESSID=[...];SQLiteManager_currentTheme=../../../../../../../../../../../../../etc/passwd%00;
SQLiteManager_currentLangue=deleted
SQLiteManager_currentTheme variable is vulnerable.
This request will returns the /etc/passwd file.
This vulnerability is dangerous, indeed a user with restricted access to SqliteManage
could get non-authorized files.
Regards,
Simon Bonnard - 24/02/2007
Contact : simon.itsecurity[at]gmail[dot]com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed