Description:
============
Multiple XSS and SQL injection vulnerabilities were found in Inetmedia's web services cityinfo.pl and cityaz.de, which my be exploited by attackers to gain confidential information and/or modify datebase.
These flaws are due to PHP programming mistakes in:
"http://users.[CITY_NAME].cityinfo.pl/";
"http://users.[CITY_NAME].cityaz.de/";
"http://[CITY_NAME].cityinfo.pl/firma.php";
"http://[CITY_NAME].cityinfo.pl/page_tpl.php";
"http://[CITY_NAME].cityaz.de/firma.php";
"http://[CITY_NAME].cityaz.de/page_tpl.php";
"https://users.[CITY_NAME].pl/";
"https://users.[CITY_NAME].de/";
"https://[CITY_NAME].cityinfo.pl/";
"https://[CITY_NAME].cityaz.de/".
CITY_NAME - name of the city in Poland or Germany.
Probably there are more flaws, which were not discovered during research.
Examples:
=========
http://users.krakinfo.pl/index.php?msg=
http://www.krakinfo.pl/firma.php?id=-1%20union%20select%20*%20from%20uzytkownicy
References:
===========
www.cityinfo.pl
stats.inetmedia.pl/cityinfo.php
www.cityaz.de
stats.inetmedia.pl/cityaz.php
www.inetmedia.pl
Credits:
========
Vulnerabilities were found by:
Łukasz Juszczyk a.k.a kahir,
Filip Palian a.k.a s_n.
Feedback:
=========
Additional information:
=======================
Vulnerability reported to Inetmedia on 25-06-06 at 14:30.
Acknowledgment:
===============
[DFT]