what you don't know can hurt you

typo-sqlxss.txt

typo-sqlxss.txt
Posted Oct 31, 2008
Authored by L4teral

Typo versions 5.1.3 and below suffer from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
MD5 | 8221ac832c25b9830f22b83515f36688

typo-sqlxss.txt

Change Mirror Download
======================================================================
Typo <= 5.1.3 Multiple Vulnerabilities
======================================================================

Author: L4teral <l4teral [at] gmail com>
Impact: Cross Site Scripting
SQL Injection
Insecure password hash salt
Status: patch not available


------------------------------
Affected software description:
------------------------------

Application: Typo
Version: <= 5.1.3
Vendor: http://typosphere.org

Description:
Typo is a blogging engine developped with the Ruby on Rails framework.


--------------
Vulnerability:
--------------

1. The feedback system is vulnerable to cross site scripting.
Script code can be embedded into the "Name" and "Website" fields
when posting a new comment. If the comments are viewed in the admin
panel, the code gets executed in the context of the admin user.
The code embedded in the website paramter also gets executed when
viewing the blog post as normal user.

2. The "Manage pages" part of the administration panel is prone to
SQL injection. The parameter "published_at" is not properly
sanitized due to an erroneous regular expression.
"Blog publisher" rights are needed to exploit this issue.

3. The application uses a salt when storing the password hashes, but
the salt is set to a hardcoded value making the salt less efficient
as equal passwords result in the same hash value.


---------
Timeline:
---------

2008-09-29 - vendor informed
2008-10-02 - vendor informed
2008-10-30 - no response from vendor, public disclosure
Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    8 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    4 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close