Academic Web Tools SQL Injection and Cross-Site Scripting
Written by Marcelo Almeida (Vympel)
Tuesday, 24 June 2008

AmnPardaz Security Research Team have reported some vulnerabilities in Academic Web Tools (AWT YEKTA), which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "book_id" parameter in rating.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "Fake" parameter in login.php and to "glb_sid" in hta/htmlarea.js.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

3) Input passed to the "file" parameter in rss_getfile.php is not properly sanitised before being used. This can be exploited via malicious URLs to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerabilities are reported in versions 1.4.3.1 and 1.4.2.8. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences in a web proxy.
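The proxy filter above is a stopgap; the durable fix belongs in the application itself. As an added example that is not AWT's own code, the hypothetical PHP below shows the unsafe pattern the advisory describes for "book_id" (item 1) and "Fake" (item 2) next to a hardened version that validates the parameter type, binds the value with a prepared statement and encodes output for the HTML attribute context; the in-memory SQLite table and its rows are constructed for the demo.

```php
<?php
// Added example, not code from Academic Web Tools. Function names, the
// "ratings" table and the sample rows are hypothetical / constructed.
declare(strict_types=1);

// --- Unsafe pattern, as described in the advisory ---
function ratingQueryUnsafe(string $bookId): string {
    // The raw parameter becomes part of the SQL text: SQL injection.
    return "SELECT AVG(score) FROM ratings WHERE book_id = " . $bookId;
}
function echoFakeUnsafe(string $fake): string {
    // The raw parameter is reflected into the page unencoded: reflected XSS.
    return '<input name="Fake" value="' . $fake . '">';
}

// --- Hardened pattern ---
function ratingQuerySafe(PDO $db, string $bookId): ?float {
    // Enforce the expected type before the value reaches the database:
    // only a positive integer of at most 10 digits is accepted.
    if (!preg_match('/^[1-9][0-9]{0,9}$/', $bookId)) {
        return null;
    }
    // The SQL text is fixed; the value travels as a bound parameter.
    $stmt = $db->prepare('SELECT AVG(score) FROM ratings WHERE book_id = :id');
    $stmt->execute([':id' => (int) $bookId]);
    $avg = $stmt->fetchColumn();
    return ($avg === null || $avg === false) ? null : (float) $avg;
}
function echoFakeSafe(string $fake): string {
    // Encode for a double-quoted HTML attribute: quotes, angle brackets and
    // ampersands become entities, and invalid UTF-8 is replaced rather than passed through.
    $enc = htmlspecialchars($fake, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="Fake" value="' . $enc . '">';
}

// Demo against a constructed in-memory SQLite table (assumes the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ratings (book_id INTEGER, score INTEGER)');
$db->exec('INSERT INTO ratings VALUES (7, 4), (7, 5), (8, 2)');

var_dump(ratingQuerySafe($db, '7'));      // well-formed id: average of book 7
var_dump(ratingQuerySafe($db, '7abc'));   // malformed id: rejected before any SQL runs
echo echoFakeSafe('<b>"x"</b>'), PHP_EOL; // markup characters arrive as entities
```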

Provided and/or discovered by:
AmnPardaz Security Research Team

Original Advisory:
http://www.bugreport.ir/?/44

Original Article:
http://secunia.com/advisories/30763/
