oss-sec mailing list archives
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005
From: Henri Salo <henri () nerv fi>
Date: Fri, 13 Apr 2012 13:46:35 +0300
On Thu, Apr 12, 2012 at 12:55:01PM -0600, Kurt Seifried wrote:
> http://osvdb.org/show/osvdb/80840 Wikidforum Advanced Search Multiple Field SQL Injection
>
> Also I couldn't really confirm the SQL injections so not assigning a CVE, if you can find confirmation I'll assign a CVE.

With "'" as input to select_sort:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' asc' at line 1

select * from posts where parent_post_id IS NULL AND status=1 AND user_id=0 AND (post LIKE '%foo%' OR title LIKE '%foo%') and status IN (1) order by \\\' asc

My friend told me that this can escalate in case of bad permissions or bad MySQL setup, but I do not have better PoC for this list. At least one can't chain for example SELECT foo FROM bar;DROP TABLE users;--

http://dev.mysql.com/doc/refman/5.5/en/select.html

- Henri Salo
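
Added example, not part of the original thread and not Wikidforum code: the error above shows the select_sort value landing after "order by", outside any quoted string, where quote escaping does not constrain it, so the usual fix is to map the input onto an allowlist of column names. The `created` column, the allowlist keys, the `escape_quotes` helper and the use of SQLite in place of MySQL are assumptions made for illustration.

```python
import sqlite3

# Assumed allowlist: accepted select_sort values mapped to real column names.
SORT_COLUMNS = {"date": "created", "title": "title", "author": "user_id"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def escape_quotes(value):
    """Stand-in for the application's quote escaping (illustrative only)."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def order_clause_escaped(select_sort):
    """'Before' pattern: escaped input concatenated into ORDER BY."""
    return "ORDER BY " + escape_quotes(select_sort) + " asc"

def order_clause_allowlisted(select_sort, direction="asc"):
    """Hardened: only fixed strings from the allowlists reach the SQL text."""
    column = SORT_COLUMNS.get(select_sort, "created")
    return "ORDER BY " + column + " " + SORT_DIRECTIONS.get(direction.lower(), "ASC")

def search_posts(conn, term, select_sort, direction="asc"):
    """Search values are bound parameters; the sort column is allowlisted."""
    sql = ("SELECT title FROM posts WHERE status = 1 "
           "AND (post LIKE ? OR title LIKE ?) "
           + order_clause_allowlisted(select_sort, direction))
    like = "%" + term + "%"
    return [row[0] for row in conn.execute(sql, (like, like))]

def demo_db():
    """Constructed sample data in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, post TEXT, status INT, "
                 "user_id INT, created INT)")
    conn.executemany("INSERT INTO posts VALUES (?,?,?,?,?)", [
        ("b foo", "x", 1, 2, 10), ("a foo", "y", 1, 1, 20), ("c foo", "z", 0, 3, 30)])
    return conn

if __name__ == "__main__":
    # Escaping changes the quote but leaves quote-free input untouched.
    print(order_clause_escaped("'"))
    print(order_clause_escaped("user_id desc, title"))
    # The allowlist falls back to a default column for unknown input.
    print(order_clause_allowlisted("'"))
    print(search_posts(demo_db(), "foo", "title"))
```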