Bugtraq mailing list archives
Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
From: <deluxe () security-project org>
Date: 19 May 2005 11:57:11 -0000
In-Reply-To: <200505172151.j4HLpThM004829 () linus mitre org>
Cross Site Scripting:
-------------------------
You can abuse the SQL-Injections for XSS attacks.

Does this occur because the XSS-style attacks are being injected into SQL queries, which then generate errors because the queries are malformed, and then PHP blindly reflects the malformed query back to the user without quoting XSS-relevant characters? That would seem to be more of a problem with the application's runtime environment (i.e. PHP) than JGS-Portal itself.

Try the following link:

/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1<script>alert(document.cookie);</script>

JGS-Portal doesn't report an error and the year parameter is passed unfiltered. This is definitively the problem of JGS-Portal. If a SQL-error occurs and the error message contains Cross Site Scripting code, then you're completely right.

Regards,
deluxe
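
The fix on the application side for the behaviour described in the message above, as an added example that is not part of the original post and is not JGS-Portal code: the `month` and `year` parameters are accepted only as integers in a fixed range, and anything written into the page is HTML-escaped. The helper names, the ranges and the heading markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed shape of the unsafe pattern (the page only says the parameter is
// "passed unfiltered"): echo '<h2>' . $_GET['year'] . '</h2>';

// Hypothetical helper: return the parameter only if it is an integer inside
// [$min, $max]; a missing value, an array or any non-integer text yields $default.
function int_param(array $query, string $name, int $min, int $max, int $default): int
{
    $value = filter_var(
        $query[$name] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]
    );
    return $value === false ? $default : $value;
}

// Hypothetical helper: escape text for an HTML element or attribute context.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the statistics heading from validated values only. The same integers
// are what should be bound into the SQL query, never the raw strings.
function render_heading(array $query): string
{
    $month = int_param($query, 'month', 1, 12, (int) date('n'));
    $year  = int_param($query, 'year', 1970, 2100, (int) date('Y'));
    return '<h2>Members for ' . h(sprintf('%02d/%04d', $month, $year)) . '</h2>';
}

// Constructed input: the query string quoted in the message above.
parse_str(
    'meinaction=mitglieder&month=1&year=1<script>alert(document.cookie);</script>',
    $query
);

// The year value fails integer validation, so the current year is used and
// no request-supplied markup reaches the output.
echo render_heading($query), "\n";
```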