Home page logo
/

bugtraq logo Bugtraq mailing list archives

Multiple Vulnerabilities in PHP Surveyor
From: thegreatone2176 () yahoo com
Date: 20 Jul 2005 02:08:10 -0000

-----------------------------------------------------------
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable 
------------------------------------------------------------

Summary:

PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures.

Details:

root directory
--------------

question.php, survey.php, group.php - all give path disclosure

admin directory
--------------

browse.php - sid, start, and id parametereters all vulnerable to injection and xss, no 

parametereter gives sql error.

dataentry.php - sid sql injection and xss

export.php - sid sql injection and xss, no parametereter gives sql error.

database.php - straight to page gives path disclosure.

dumpquestion.php - qid=' gives multiple path disclosures.

admin.php - sid parameter sql injection

labels.php - lid parameter sql injection and path disclosure

dumplabel.php - lid parameter sql injection and path disclosure

sessioncontrol.php - straight to page gives path disclosure

html.php - straight to page gives path disclosure

conditions.php - no parameter sql error, sql injection on sid parameter

spss.php - no parameter sql error, sql inject on sid parameter

deletesurvey.php - sql inject with sid when ok=Y

dumpsurvey.php - sid sql injection

statistics.php - sid sql injection

-------------------------------


Solution:

Cleanse all user input before processing to stop injections, check to make sure parameters are 
present before processing to stop sql errors and path disclosure.

Credit:

tgo thegreatone2176 () yahoo com

Greets:

smooth_operator and zith


  By Date           By Thread  

Current thread:
  • Multiple Vulnerabilities in PHP Surveyor thegreatone2176 (Jul 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault