Bugtraq mailing list archives
Re: Vulnerabilities
From: Victor Brilon <victor () victorland com>
Date: Wed, 10 Oct 2007 02:31:09 -0700
This is a nonexistent vulnerability. The unsanitized variable referenced is only used in the Javascript on the page and is never passed back for processing by the PHP code, much less in any SQL statement. Furthermore, the page that this summary references is only accessible by users who have administrative access to the site and not by random external users.
In the future Mr "xoxland", it might be good for you to let the developers of the software know about your discoveries before you go public with them. In this way, you can avoid the embarrassment of issuing false advisories as well.
Victor*definitely NOT speaking for the MODx dev team - these are personal opinions*
On Oct 8, 2007, at 11:35 PM, xoxland () gmail com wrote:
New Advisory: modx-0.9.6 http://www.dear-pets.com ——————–Summary—————- Software: modx-0.9.6 Sowtware’s Web Site: http://www.modxcms.com Versions: 0.9.6 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: Not Available Discovered by: http://www.dear-pets.com —————–Description————— 1. SQL Injection. Vulnerable script: mutate_content.dynamic.php Parameters ‘documentDirty’, ‘modVariables’ is not properly sanitized before being used in SQL query. This can be used to make SQL queries by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off ————–PoC/Exploit———————- Waiting for developer(s) reply. ————–Solution——————— No Patch available. ————–Credit———————– Discovered by: http://www.dear-pets.com
Current thread:
- Vulnerabilities xoxland (Oct 09)
- Re: Vulnerabilities Victor Brilon (Oct 11)
- <Possible follow-ups>
- Re: Vulnerabilities sottwell (Oct 11)