by r0t, der4444, cembo, VietMafia

Monday, December 05, 2005

Web4Future Portal Solutions - News Portal vuln.

Vuln. discovered by: r0t
Date: 5 December 2005
Vendor: http://www.web4future.com/products.php?p=nportal
Affected version: latest release available from the vendor as of the date above

Product Description:
A professional solution for newspapers and publications that want to present their paper on the Internet with little effort. It ships with an easy-to-use web site manager, an automated newsletter creation utility, an automated weather forecast system and a currency converter. The front page, newsletter and archive are all generated automatically.

Vuln. Description:

1. SQL injection vuln.
Input passed to the "idp" parameter of comentarii.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate the query by injecting arbitrary SQL code, e.g. to bypass the WHERE clause or to read data from other tables with a UNION.

example:
/comentarii.php?idp=[SQL]
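To make the "idp" issue concrete, here is an added example (not the vendor's code, which is not reproduced in the advisory): the vulnerable concatenation pattern the advisory describes next to a hardened version, run against an in-memory SQLite database. The table name "comentarii", its columns, the "utilizatori" user table and the assumption that idp is a numeric article id are all stand-ins chosen for the illustration.

```php
<?php
// Added example, not the vendor's code. Table and column names ("comentarii",
// "utilizatori", "autor", "mesaj", "nume", "parola") are assumptions.

// --- Vulnerable pattern (what the advisory describes; do not deploy) ---
function comments_query_vulnerable(string $idp): string
{
    // The raw query-string value is concatenated straight into the statement.
    return "SELECT autor, mesaj FROM comentarii WHERE idp = " . $idp;
}

// --- Hardened: validate as a positive integer, then bind it as a parameter ---
function comments_fetch_safe(PDO $db, string $idp): array
{
    // idp is assumed to be an article id, so anything that is not a positive
    // integer is refused before any SQL is built (the caller should answer 400).
    $id = filter_var($idp, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    // The value travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare('SELECT autor, mesaj FROM comentarii WHERE idp = :idp');
    $stmt->bindValue(':idp', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Demonstration against an in-memory SQLite database (constructed data) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comentarii (idp INTEGER, autor TEXT, mesaj TEXT)');
$db->exec('CREATE TABLE utilizatori (nume TEXT, parola TEXT)');
$db->exec("INSERT INTO comentarii VALUES (1, 'ana', 'on article 1'), (2, 'ion', 'on article 2')");
$db->exec("INSERT INTO utilizatori VALUES ('admin', 'hashed-secret')");

$payloads = [
    '1',                                            // legitimate request
    '1 OR 1=1',                                     // defeats the WHERE clause
    '0 UNION SELECT nume, parola FROM utilizatori', // reads another table
];
foreach ($payloads as $idp) {
    $unsafe = $db->query(comments_query_vulnerable($idp))->fetchAll(PDO::FETCH_ASSOC);
    $safe   = comments_fetch_safe($db, $idp);
    printf("idp=%-48s vulnerable: %d row(s)   hardened: %d row(s)\n",
        var_export($idp, true), count($unsafe), count($safe));
}
```

Run it with the PHP command-line interpreter (pdo_sqlite is bundled with most builds). The legitimate id returns one comment through both paths; the OR payload makes the vulnerable query return every comment and the UNION payload makes it return the user-table row, while the hardened function rejects both before any SQL is executed. Casting alone (`(int) $idp`) would also stop these payloads for a numeric column; the prepared statement is what keeps the fix correct if the parameter ever becomes a string.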

2. Directory Traversal vuln.

Input passed to the "dir" parameter of arhiva.php isn't properly sanitised before being used to open a file. This can be exploited to read arbitrary files on the system that the web server can access by supplying traversal sequences such as "../".

example:
/arhiva.php?dir=../
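For the "dir" issue, an added example (again not the vendor's code): the unsafe path construction the advisory implies, beside a resolver that canonicalises the request and refuses anything outside the archive directory. The archive root, the date-based sub-directory layout and the file names are constructed for the demonstration.

```php
<?php
// Added example, not the vendor's code. Directory layout and file names are
// constructed here; arhiva.php's real layout is not known from the advisory.

// Vulnerable pattern: the parameter is spliced into a filesystem path, so
// dir=../ leaves the archive and enough "../" segments reach any readable file.
function archive_path_vulnerable(string $root, string $dir): string
{
    return $root . '/' . $dir;
}

// Hardened: canonicalise the requested path, then insist it is the archive
// root itself or something beneath it. Returns null for anything refused.
function archive_path_safe(string $root, string $dir): ?string
{
    // NUL bytes truncate paths in C-level filesystem calls; refuse them outright.
    if (strpos($dir, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    // realpath() collapses "..", symlinks and duplicate separators, and returns
    // false for paths that do not exist (acceptable for a read-only archive).
    $target = realpath($root . '/' . $dir);
    if ($rootReal === false || $target === false) {
        return null;
    }
    // Compare with a trailing separator so that "/arhiva-old" is not accepted
    // as being inside "/arhiva".
    if (substr($target . '/', 0, strlen($rootReal) + 1) !== $rootReal . '/') {
        return null;
    }
    return $target;
}

// --- Demonstration on a throwaway archive tree (constructed) ---
$root = sys_get_temp_dir() . '/portal_arhiva_' . getmypid();
mkdir($root . '/2005/12', 0700, true);
file_put_contents($root . '/2005/12/index.html', '<h1>December 2005</h1>');

foreach (['2005/12', '../', '../../../../etc/passwd'] as $dir) {
    echo "dir=", var_export($dir, true), "\n";
    echo "  unsafe: ", archive_path_vulnerable($root, $dir), "\n";
    echo "  safe:   ", archive_path_safe($root, $dir) ?? 'REJECTED', "\n";
}

// Clean up the constructed tree.
unlink($root . '/2005/12/index.html');
rmdir($root . '/2005/12');
rmdir($root . '/2005');
rmdir($root);
```

The first request resolves to the month directory inside the archive; the two traversal payloads are turned into paths outside the archive by the vulnerable function and rejected by the hardened one. If the archive is in fact organised purely by date, an allow-list such as `preg_match('~^\d{4}/\d{2}$~', $dir)` is a stricter and simpler check than canonicalisation, but that layout is an assumption here.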

Solution:
Edit the source code so that both parameters are validated before use: convert "idp" to an integer (or bind it as a parameter in a prepared statement) before it reaches the query, and resolve "dir" against the archive directory and reject any value that escapes it or contains ".." or NUL bytes.

Copyright (c) 2006 Pridels Sec Crew