Re: Vulnerabilities

[Victor Brilon <victor () victorland com>]

This is a nonexistent vulnerability. The unsanitized variable  
referenced is only used in the Javascript on the page and is never  
passed back for processing by the PHP code, much less in any SQL  
statement. Furthermore, the page that this summary references is only  
accessible by users who have administrative access to the site and  
not by random external users.

In the future Mr "xoxland", it might be good for you to let the  
developers of the software know about your discoveries before you go  
public with them. In this way, you can avoid the embarrassment of  
issuing false advisories as well.

Victor
*definitely NOT speaking for the MODx dev team - these are personal  
opinions*


On Oct 8, 2007, at 11:35 PM, xoxland () gmail com wrote:

>  New Advisory:
> modx-0.9.6
> http://www.dear-pets.com
>
> ——————–Summary—————-
> Software: modx-0.9.6
> Sowtware’s Web Site: http://www.modxcms.com
> Versions: 0.9.6
> Critical Level: Moderate
> Type: Multiple Vulnerabilities
> Class: Remote
> Status: Unpatched
> PoC/Exploit: Not Available
> Solution: Not Available
> Discovered by: http://www.dear-pets.com
>
> —————–Description—————
> 1. SQL Injection.
>
> Vulnerable script: mutate_content.dynamic.php
>
> Parameters ‘documentDirty’, ‘modVariables’ is not
> properly sanitized before being used in SQL query. This can be used to
> make SQL queries by injecting arbitrary SQL code.
>
> Condition: magic_quotes_gpc = off
>
> ————–PoC/Exploit———————-
> Waiting for developer(s) reply.
>
> ————–Solution———————
> No Patch available.
>
> ————–Credit———————–
> Discovered by: http://www.dear-pets.com