Advisory: Multiple vulnerabilities on http://www.salue.de/ Advisory ID: SSCHADV2011-010 Author: Stefan Schurtz Affected Software: http://www.salue.de/ Vendor URL: http://www.salue.de/ Vendor Status: informed CVE-ID: - ========================== Vulnerability Description: ========================== The website "http://www.salue.de/" is prone to multiple XSS/SQL/FPD/LFI vulnerabilities ================== Technical Details: ================== Cross-Site-Scripting http://www.salue.de/nachrichten/indexAudioArchiv.phtml -> Archiv-Suche -> Suchen -> /> http://www.salue.de/anzeigen/indexRubrik.phtml?rubrik=search&searchBegriff=/> -> Service/News -> nach Begriff suchen Full-Path-Disclosure http://www.salue.de/nachrichten/message.phtml?id='&rubrik=regional http://www.salue.de/nachrichten/message.phtml?id=27448'&rubrik=' http://www.salue.de/nachrichten/index.phtml?rubrik=sport' http://www.salue.de/termineonline/index.phtml?search=true&dayX=15&monthX=9&yearX=aaaaa http://www.salue.de/inside/team/profil.phtml?path_profil=../ http://www.salue.de/musik/starnews/index.phtml?limit=' Possible SQL-Injection http://www.salue.de/nachrichten/message.phtml?id='&rubrik=regional http://www.salue.de/nachrichten/message.phtml?id=27448'&rubrik=' http://www.salue.de/nachrichten/index.phtml?rubrik=sport' http://www.salue.de/musik/starnews/index.phtml?limit=' Possible LFI - local file inclusion http://www.salue.de/inside/team/profil.phtml?path_profil=../ ========= Solution: ========= - ==================== Disclosure Timeline: ==================== 12-Aug-2011 - informed about the email "media@salue.de" -> no response 12-Aug-2011 - release date of this security advisory 22-Aug-2011 - informed about the email "stephanie.graesser@salue.de" -> no response ======== Credits: ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References: =========== http://www.salue.de/ http://www.rul3z.de/advisories/SSCHADV2011-010.txt