Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Vulnerabilities
From: Victor Brilon <victor () victorland com>
Date: Wed, 10 Oct 2007 02:31:09 -0700

This is a nonexistent vulnerability. The unsanitized variable referenced is only used in the Javascript on the page and is never passed back for processing by the PHP code, much less in any SQL statement. Furthermore, the page that this summary references is only accessible by users who have administrative access to the site and not by random external users.

In the future Mr "xoxland", it might be good for you to let the developers of the software know about your discoveries before you go public with them. In this way, you can avoid the embarrassment of issuing false advisories as well.

Victor
*definitely NOT speaking for the MODx dev team - these are personal opinions*


On Oct 8, 2007, at 11:35 PM, xoxland () gmail com wrote:

 New Advisory:
modx-0.9.6
http://www.dear-pets.com

——————–Summary—————-
Software: modx-0.9.6
Sowtware’s Web Site: http://www.modxcms.com
Versions: 0.9.6
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://www.dear-pets.com

—————–Description—————
1. SQL Injection.

Vulnerable script: mutate_content.dynamic.php

Parameters ‘documentDirty’, ‘modVariables’ is not
properly sanitized before being used in SQL query. This can be used to
make SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

————–PoC/Exploit———————-
Waiting for developer(s) reply.

————–Solution———————
No Patch available.

————–Credit———————–
Discovered by: http://www.dear-pets.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]