Home page logo

bugtraq logo Bugtraq mailing list archives

[NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities
From: r.verton () gmail com
Date: 7 Sep 2005 15:49:52 -0000

[NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4

Software: WEB//NEWS 1.4
Type: SQL Injections, Path Disclosure
Risk: High

Date: Sep. 1 2005
Vendor: Stylemotion

Robin 'onkel_fisch' Verton

WEB//News is a Newsscript which features like an CMS


In the modules/startup.php

$_USER=$db->first("SELECT * FROM ".PRE."_user LEFT JOIN ".PRE."_group USING (groupid) 
                        ( userid='".$_COOKIE['wn_userid']."' AND password='".$_COOKIE['wn_userpw']."' ) 
                      LIMIT 1");

As we can see, the $_COOKIE paramter is not checked. Below i've added how you have to set the Cookies
to take advantage of these vulnerability (send this to index.php):

wn_userid=1; wn_userpw=0' OR '1'='1

Path Disclosure:
No file in he /actions dir is testet if it is directly included.

Nearly every REQUEST variable is not checked so there are a few of SQL-Injections availiable

A few Examples:

Whole NewAngel Team, CyberDead, Modhacker, deluxe

  By Date           By Thread  

Current thread:
  • [NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities r . verton (Sep 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]