packetstorm | Aliaksandr Hartsuyeu | PACKETSTORM:49994
History: Sep 14, 2006 - 12:00 a.m.

EV0135.txt

packetstormsecurity.com

EPSS: 0.052 Low

Percentile: 93.0%

`New eVuln Advisory:  
indexcity SQL Injection and XSS Vulnerabilities  
http://evuln.com/vulns/135/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0135  
CVE: CVE-2006-4323 CVE-2006-4324  
Vendor: CityForFree  
Vendor's Web Site: http://www.cityforfree.com/  
Software: indexcity  
Software's Web Site: http://www.cityforfree.com/free_script.htm  
Versions: 1.0  
Critical Level: Moderate  
Type: Multiple Vulnerabilities  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
PoC/Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
1. SQL Injection.   
  
Vulnerable script: list.php   
  
The cate_id parameter is not properly sanitized before being used in an SQL  
query. This can be used to make any SQL query by injecting arbitrary SQL  
code.   
  
Condition: magic_quotes_gpc = off   
  
  
2. Cross-Site Scripting.   
  
Vulnerable Script: add_url2.php   
  
The url parameter is not properly sanitized. This can be used to post  
arbitrary HTML or web script code.   
  
  
  
--------------PoC/Exploit----------------------  
Available at: http://evuln.com/vulns/135/exploit.html  
  
  
1. SQL Injection Example.  
  
URL: http://host/indexcity/list.php?cate_id=999'%20union%20select%201,2,3,4,5,6,7/*  
  
  
2. Cross-Site Scripting Example.  
  
URL: http://host/indexcity/add_url.php  
Website: aaa.com' onmouseover='alert(123)'>  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
  
`
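Since the advisory lists no patch, the following added example (not indexcity's code and not from the advisory) sketches how the two inputs it names could be handled: `cate_id` validated as an integer and bound as a query parameter, and `url` validated and HTML-encoded with `ENT_QUOTES` on output. The `urls` table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration; schema and function names are assumptions, not indexcity code.
// list.php side: accept cate_id only as a positive integer.
function parse_cate_id($raw): ?int
{
    if (!is_string($raw)) return null; // e.g. cate_id[]=... arrives as an array
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the value never becomes SQL text, whatever magic_quotes_gpc is.
function list_urls(PDO $db, int $cateId): array
{
    $stmt = $db->prepare('SELECT url FROM urls WHERE cate_id = :cate_id');
    $stmt->bindValue(':cate_id', $cateId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// add_url2.php side: store only well-formed http(s) URLs.
function normalize_url(string $raw): ?string
{
    $url = filter_var(trim($raw), FILTER_VALIDATE_URL);
    if ($url === false) return null;
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Output encoding: ENT_QUOTES also encodes ', which the advisory's value
// uses to close a single-quoted attribute.
function render_link(string $url): string
{
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<a href='{$safe}'>{$safe}</a>";
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE urls (cate_id INTEGER, url TEXT)");
$db->exec("INSERT INTO urls VALUES (1, 'http://example.com/')");
foreach (['1', "999' union select 1,2,3,4,5,6,7/*"] as $raw) {
    $id = parse_cate_id($raw);
    echo $id === null ? "cate_id rejected\n" : implode(',', list_urls($db, $id)) . "\n";
}
$site = "aaa.com' onmouseover='alert(123)'>";
echo normalize_url($site) === null ? "url rejected\n" : "url accepted\n";
echo render_link($site), "\n"; // encoding shown on the raw value for comparison
```

Input validation and output encoding are applied independently here, so a value that slips past one check is still neutralized by the other.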
