Advisory: Multiple vulnerabilities on http://www.salue.de/
Advisory ID: SSCHADV2011-010
Author: Stefan Schurtz
Affected Software: http://www.salue.de/
Vendor URL: http://www.salue.de/
Vendor Status: informed
CVE-ID: -
==========================
Vulnerability Description:
==========================
The website "http://www.salue.de/" is prone to multiple vulnerabilities: cross-site scripting (XSS), SQL injection, full path disclosure (FPD) and local file inclusion (LFI).
==================
Technical Details:
==================
Cross-Site-Scripting
http://www.salue.de/nachrichten/indexAudioArchiv.phtml -> Archiv-Suche -> Suchen -> />
http://www.salue.de/anzeigen/indexRubrik.phtml?rubrik=search&searchBegriff=/> -> Service/News -> nach Begriff suchen
Full-Path-Disclosure
http://www.salue.de/nachrichten/message.phtml?id='&rubrik=regional
http://www.salue.de/nachrichten/message.phtml?id=27448'&rubrik='
http://www.salue.de/nachrichten/index.phtml?rubrik=sport'
http://www.salue.de/termineonline/index.phtml?search=true&dayX=15&monthX=9&yearX=aaaaa
http://www.salue.de/inside/team/profil.phtml?path_profil=../
http://www.salue.de/musik/starnews/index.phtml?limit='
Possible SQL-Injection
http://www.salue.de/nachrichten/message.phtml?id='&rubrik=regional
http://www.salue.de/nachrichten/message.phtml?id=27448'&rubrik='
http://www.salue.de/nachrichten/index.phtml?rubrik=sport'
http://www.salue.de/musik/starnews/index.phtml?limit='
Possible LFI - local file inclusion
http://www.salue.de/inside/team/profil.phtml?path_profil=../
=========
Solution:
=========
-
====================
Disclosure Timeline:
====================
12-Aug-2011 - vendor informed via email to "media@salue.de" -> no response
12-Aug-2011 - release date of this security advisory
22-Aug-2011 - vendor informed via email to "stephanie.graesser@salue.de" -> no response
========
Credits:
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References:
===========
http://www.salue.de/
http://www.rul3z.de/advisories/SSCHADV2011-010.txt