by r0t,der4444,cembo,VietMafia

Tuesday, December 13, 2005

VCD-db vuln.

Vuln. discovered by : r0t
Date: 13 dec. 2005
vendor: http://vcddb.konni.com/
affected version: V.0.98 and prior

Product Description:
VCD-db is a free web based software that lets you manage your DVD/VCD/CD collection on your own website. With VCD-db you can easily add new movies with 2 clicks; movie data is automatically fetched for you from IMDB and/or other sources. VCD-db is highly flexible and runs on multiple database platforms such as MySQL, MSSQL, IBM DB2, PostgreSQL and SQLite. VCD-db supports multiple users, so your friends can also register on your VCD-db web and start their own catalog, which can then be compared to yours for convenience. VCD-db has a built in loan system so you can easily keep track of all the CDs you lend to friends and family, and even send automatic emails to ask them to return your CDs. User catalogs can easily be exported and saved in numerous ways, such as Excel and XML, and can even be exported and then imported to another VCD-db site without any hassle.



Vuln. Description:

SQL.
VCD-db contains a flaw that allows remote SQL injection attacks. Input passed to the "by" parameter in "search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


XSS.
VCD-db contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "batch" parameter and to the Detail search module parameter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary script code in a victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

examples:
/search.php?searchstring=&by=[SQL]

/?page=category&category_id=1&viewmode=img&batch=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
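The two flaws above, reproduced in an added example that is not VCD-db's own code and was not part of the original advisory. The `movies` table, its columns and the `<input>` markup are assumptions standing in for the real application; the SQLite backend is used because VCD-db lists SQLite among its supported databases. The SQL half shows why the "by" field needs an allowlist (a column name cannot be bound as a query parameter, so quoting does not help), and the XSS half shows the advisory's own "batch" payload going through an unencoded and an HTML-encoded echo.

```python
import html
import sqlite3
from urllib.parse import unquote

# Constructed sample catalogue standing in for the VCD-db movie table; the
# real schema is not shown in the advisory, so these names are assumptions.
SAMPLE_ROWS = [
    ("Alien", 1979, 1),
    ("Heat", 1995, 1),
    ("Secret Screener", 2005, 2),   # belongs to another user
]

# Columns the search form legitimately lets a user pick with "by" (assumed).
ALLOWED_COLUMNS = ("title", "year")


def make_db():
    """Build an in-memory SQLite catalogue (VCD-db lists SQLite as a backend)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movies (title TEXT, year INTEGER, owner_id INTEGER)")
    conn.executemany("INSERT INTO movies VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, searchstring, by, owner_id=1):
    """Pattern the advisory describes: 'by' is spliced straight into the SQL."""
    sql = "SELECT title FROM movies WHERE owner_id = %d AND %s LIKE '%%%s%%'" % (
        owner_id, by, searchstring)
    return sorted(row[0] for row in conn.execute(sql))


def is_allowed_column(by):
    """Column names cannot be bound as query parameters, so they must be
    validated against an allowlist instead of being quoted or escaped."""
    return by in ALLOWED_COLUMNS


def search_safe(conn, searchstring, by, owner_id=1):
    """Hardened form: allowlisted column name, bound search string."""
    if not is_allowed_column(by):
        raise ValueError("unsupported search column: %r" % by)
    sql = "SELECT title FROM movies WHERE owner_id = ? AND %s LIKE ?" % by
    pattern = "%" + searchstring + "%"
    return sorted(row[0] for row in conn.execute(sql, (owner_id, pattern)))


# The advisory's URL-encoded XSS payload for the "batch" parameter, decoded
# the way the web server hands it to the script.
XSS_PAYLOAD = unquote("%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E")


def render_batch_vulnerable(batch):
    """Echoes the parameter into an attribute unencoded (assumed markup)."""
    return '<input type="hidden" name="batch" value="%s">' % batch


def render_batch_safe(batch):
    """HTML-encodes the value, quotes included, so the attribute cannot be
    closed early and no tag can be injected."""
    return '<input type="hidden" name="batch" value="%s">' % html.escape(batch, quote=True)


if __name__ == "__main__":
    db = make_db()
    print(search_vulnerable(db, "", "title"))
    # 'by' payload comments out the rest of the WHERE clause and leaks user 2's row
    print(search_vulnerable(db, "", "1=1 OR 1=1 --"))
    print(search_safe(db, "ea", "title"))
    print(render_batch_vulnerable(XSS_PAYLOAD))
    print(render_batch_safe(XSS_PAYLOAD))
```

With the injected "by" value the vulnerable query becomes `... WHERE owner_id = 1 AND 1=1 OR 1=1 -- LIKE '%%'`, which returns every user's rows; the hardened version rejects the value before it reaches the database. The encoded "batch" value comes back as `&quot;&gt;&lt;script&gt;...`, which the browser renders as text rather than executing.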


Solution:
Edit the source code to ensure that input is properly sanitised: since the "by" value appears to select the search field, check it against the list of fields the search actually supports (a column name cannot be passed as a bound query parameter, so it must be validated rather than escaped), pass the search string itself as a bound parameter, and HTML-encode the "batch" value and the Detail search parameter before writing them back into the page. The vendor states in the comments below that these issues are fixed in VCD-db 0.981.

3 Comments:

Anonymous Anonymous told...

The following vulnerabilities have been fixed and updated in CVS.
Maintenance release will be posted within days.

11:22 AM

Blogger r0t told...

great to hear that!

2:03 PM

Anonymous K0nni told...

VCD-db 0.981 has been released.
The following vulnerabilities have now been fixed.

7:06 PM

Copyright (c) 2006 Pridels Sec Crew