Secunia Security Advisory - Aliaksandr Hartsuyeu has reported some vulnerabilities in phpht Topsites, which can be exploited by malicious people to conduct script insertion and SQL injection attacks, and bypass certain security restrictions.
40fa94989efe5865e9633317dbaa49f9e65604422e70785908c642b1b856fdb4
TITLE:
phpht Topsites Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA18782
VERIFY ADVISORY:
http://secunia.com/advisories/18782/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting, Manipulation of data
WHERE:
>From remote
SOFTWARE:
phpht Topsites 1.x
http://secunia.com/product/7863/
DESCRIPTION:
Aliaksandr Hartsuyeu has reported some vulnerabilities in phpht
Topsites, which can be exploited by malicious people to conduct
script insertion and SQL injection attacks, and bypass certain
security restrictions.
1) Input passed to the "username" parameter isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Some other unspecified parameters and scripts are reportedly also
affected.
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
2) An error in the authentication process in "check.php" can be
exploited to bypass the authentication process by defining certain
cookie parameters.
3) Input passed to certain parameters in "link_edited.php" and
"link_added.php" isn't properly sanitised before being used. This can
be exploited to inject arbitrary HTML and script code, which will be
executed in a user's browser session in context of an affected site
when the malicious user data is viewed.
The vulnerabilities have been reported in version 1.3. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
that users are properly authenticated.
PROVIDED AND/OR DISCOVERED BY:
Aliaksandr Hartsuyeu
ORIGINAL ADVISORY:
http://evuln.com/vulns/59/summary.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed