Showing posts from March, 2012

Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW
Etano 1.x versions are vulnerable to Cross Site Scripting.

2. BACKGROUND
The community builder script we provide - Etano - was built entirely based on requests from customers of our previous dating package (Dating Site Builder). Almost every feature ever requested was built into Etano to help you build a better site for your community members. You can use Etano to start up a dating site, a social networking site, a classifieds site or any other type of site involving groups of people, companies, products.

3. VULNERABILITY DESCRIPTION
Multiple parameters are not properly sanitized upon submission to join.php, search.php, photo_search.php and photo_view.php, which allows an attacker to conduct a Cross Site Scripting attack. An attacker can craft a URL that, when opened by a victim, executes arbitrary script code in the victim's browser in the context of the site.

4. VERSIONS AFFECTED
Tested on 1.x versions (1.20-1.22)

5. PROOF-OF-CONCEPT/EXPLOIT
URL: http://localhost/etano/join.php
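The advisory does not name the affected parameters or show the payload, so the following is an added illustration of the flaw class, not Etano's own code: a request value echoed into an HTML attribute unencoded, beside the same output with context-appropriate encoding. The parameter name q and the form markup are assumptions.

```php
<?php
// Added illustration of reflected XSS in a PHP form handler. This is not
// Etano's code; the parameter name "q" and the markup are assumed.

// VULNERABLE: the request value is concatenated straight into the HTML.
// A value such as  "><script>...</script>  closes the attribute and the
// tag, and the browser runs the injected script.
function render_vulnerable(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">';
}

// HARDENED: encode for the HTML attribute context before output.
// ENT_QUOTES encodes both quote characters so value="..." cannot be
// broken out of; ENT_SUBSTITUTE and the explicit charset stop
// htmlspecialchars() from silently returning an empty string on
// invalid UTF-8, which would otherwise hide the problem from testing.
function render_hardened(string $q): string
{
    $safe = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="q" value="' . $safe . '">';
}

// Constructed request value; on a real deployment this would come from
// $_GET['q'] on join.php.
$payload = isset($_GET['q']) ? (string) $_GET['q'] : '"><script>alert(document.cookie)</script>';

echo "vulnerable:\n", render_vulnerable($payload), "\n";
echo "hardened:\n", render_hardened($payload), "\n";
```

To confirm the advisory against a test install, request each listed script with a URL-encoded marker in every parameter and check whether the marker comes back in the response body with its angle brackets and quotes intact; encoded output such as &lt; and &quot; means that parameter is not exploitable in the HTML body or attribute context.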

Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability

1. OVERVIEW
Open-Realty 2.5.8 and lower versions are vulnerable to Local File Inclusion.

2. BACKGROUND
Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site developers since 2002.

3. VULNERABILITY DESCRIPTION
Open-Realty contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'select_users_template' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of an
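An added illustration of the flaw class described above, not Open-Realty's code: a template name taken from the request and joined to a directory before include, beside a version that resolves the path and refuses anything outside the template directory. Only the parameter name select_users_template and the script index.php come from the advisory; the template directory layout, the file names and the secret file are constructed for the demo.

```php
<?php
// Added illustration of local file inclusion via a traversal in a
// template-selection parameter. Not Open-Realty's code; everything except
// the parameter name select_users_template is assumed.

// VULNERABLE: the request value is joined to a path and included as-is.
// index.php?select_users_template=../../some/file walks out of the
// template directory; whatever PHP the included file contains is executed,
// and a non-PHP file is simply echoed, which is the disclosure case.
function load_template_vulnerable(string $templateDir, string $name): string
{
    $path = $templateDir . '/' . $name;
    ob_start();
    include $path;
    return (string) ob_get_clean();
}

// HARDENED: reject path separators and NUL outright, then resolve the real
// path and require it to sit under the real template directory. The
// separator in the prefix comparison stops /srv/template-evil from passing
// as a child of /srv/template.
function load_template_hardened(string $templateDir, string $name): string
{
    if ($name === '' || strpbrk($name, "/\\\0") !== false) {
        throw new InvalidArgumentException('invalid template name');
    }
    $base = realpath($templateDir);
    $real = realpath($templateDir . '/' . $name);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('template outside template directory');
    }
    ob_start();
    include $real;
    return (string) ob_get_clean();
}

// Demo with constructed files in a temporary directory: one legitimate
// template and one file outside the template directory that should never
// be reachable through the parameter.
$tmp = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($tmp . '/template', 0700, true);
file_put_contents($tmp . '/template/users.html', "<p>users template</p>\n");
file_put_contents($tmp . '/secret.txt', "db_password=constructed-secret\n");
$templateDir = $tmp . '/template';

// The value an attacker would send as select_users_template.
$requested = isset($_GET['select_users_template'])
    ? (string) $_GET['select_users_template']
    : '../secret.txt';

echo "vulnerable, legitimate name:\n", load_template_vulnerable($templateDir, 'users.html');
echo "vulnerable, traversal:\n", load_template_vulnerable($templateDir, $requested);
echo "hardened, legitimate name:\n", load_template_hardened($templateDir, 'users.html');
try {
    load_template_hardened($templateDir, $requested);
} catch (InvalidArgumentException $e) {
    echo "hardened, traversal: rejected (", $e->getMessage(), ")\n";
}

// Clean up the constructed files.
unlink($tmp . '/template/users.html');
unlink($tmp . '/secret.txt');
rmdir($tmp . '/template');
rmdir($tmp);
```

The realpath() check alone is not a full defence on its own: it follows symlinks, so a symlink inside the template directory that points elsewhere would still pass, which is why the hardened version also refuses any name containing a separator and why an allowlist of known template names is preferable when the set of templates is fixed.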