by r0t,der4444,cembo,VietMafia

Friday, June 02, 2006

Unak CMS vuln.

###############################################
Vuln. discovered by : r0t
Date: 2 june 2006
vendor:http://www.unak.net
affected versions:1.5 RC2 and prior
###############################################

Vuln. Description:


1) Input passed to the "u_a" and "u_s" parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input to the "u_a" and "u_s" parameters is also not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.



###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

2 Comments:

Anonymous Anonymous told...

These variables are used in dozens of files. Can you disclose the injection point or narrow down which scripts are (or are not) vulnerable?

1:14 AM

 
Blogger r0t told...

if you are developer , you must know in wich file those parameters is used. there isnt to much files to find out.
If i had them before know i dont have now, i dont store information like this one , after i do report on blog i dont store any information.

3:11 AM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew