Home / exploits bitweaver131.txt
Posted on 13 November 2006
bitweaver <=1.3.1 [injection sql (post) & xss (post)] vendor site: http://www.bitweaver.org/ product :bitweaver 1.3.1 bug:injection sql post & multiples xss post risk : high severals juicy sql error can be found in the sort_mode var , sql (get) : http://localhost/bitweaver/blogs/list_blogs.php?sort_mode=-98 http://localhost/bitweaver/fisheye/list_galleries.php?sort_mode=-98 http://localhost/bitweaver/fisheye/index.php?sort_mode=-98 http://127.0.0.1/bitweaver/wiki/orphan_pages.php?sort_mode=-98 http://127.0.0.1/bitweaver/wiki/list_pages.php?find=&sort_mode=-98 injection sql (post) : path : http://site.com/bitweaver/newsletters/edition.php Variables: bitweaver/newsletters/edition.php?tk=[SQL]&find=1&search=suchen XSS post : http://localhost/bitweaver/articles/edit.php ===> xss post in message title ( submit article ) http://localhost/bitweaver/blogs/post.php ==> xss post in message title ( blog ) http://localhost/bitweaver/wiki/edit.php?page=SandBox ==> xss post in message description ( wiki ) those xss are pretty dangerous , like in submit article , wich is only viewed by an administrator , to approve the submitted article, so he can easly get his cookie stealed . laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com