inetmedia.txt
Posted on 22 December 2006
Description:
============
Multiple XSS and SQL injection vulnerabilities were found in Inetmedia's web
services cityinfo.pl and cityaz.de, which may be exploited by attackers to gain
confidential information and/or modify the database. These flaws are due to PHP
programming mistakes in:

"http://users.[CITY_NAME].cityinfo.pl/";
"http://users.[CITY_NAME].cityaz.de/";
"http://[CITY_NAME].cityinfo.pl/firma.php";
"http://[CITY_NAME].cityinfo.pl/page_tpl.php";
"http://[CITY_NAME].cityaz.de/firma.php";
"http://[CITY_NAME].cityaz.de/page_tpl.php";
"https://users.[CITY_NAME].pl/";
"https://users.[CITY_NAME].de/";
"https://[CITY_NAME].cityinfo.pl/";
"https://[CITY_NAME].cityaz.de/".

CITY_NAME - name of the city in Poland or Germany.

Probably there are more flaws, which were not discovered during research.

Examples:
=========
http://users.krakinfo.pl/index.php?msg=<script>alert(document.cookie);</script>
http://www.krakinfo.pl/firma.php?id=-1%20union%20select%20*%20from%20uzytkownicy

References:
===========
www.cityinfo.pl
stats.inetmedia.pl/cityinfo.php
www.cityaz.de
stats.inetmedia.pl/cityaz.php
www.inetmedia.pl

Credits:
========
Vulnerabilities were found by:
Łukasz Juszczyk a.k.a kahir,
Filip Palian a.k.a s_n.

Feedback:
=========
<lukasz.juszczyk at pjwstk.edu.pl>
<filip.palian at pjwstk.edu.pl>

Additional information:
=======================
Vulnerability reported to Inetmedia on 25-06-06 at 14:30.

Acknowledgment:
===============
[DFT]
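
The two flaw classes reported above, handled defensively for the "msg" and "id" parameters. This PHP is an added example, not part of the original advisory and not Inetmedia's code. The "firmy" table, all column names, the function names and the in-memory SQLite database (pdo_sqlite extension) are assumptions; only the parameter names, the "uzytkownicy" table name and the two input strings come from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for the reflected "msg" parameter (index.php):
// encode on output so markup in the value is rendered as text.
function render_msg(string $msg): string
{
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="msg">' . $safe . '</p>';
}

// Hypothetical lookup for the "id" parameter (firma.php):
// validate the type first, then bind the value instead of concatenating it.
function find_company(PDO $db, string $rawId): ?array
{
    // Accept only a positive decimal integer; anything else is refused.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Named columns instead of "*", and the value travels as a bound integer.
    $stmt = $db->prepare('SELECT id, nazwa FROM firmy WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE firmy (id INTEGER PRIMARY KEY, nazwa TEXT)');
$db->exec('CREATE TABLE uzytkownicy (id INTEGER PRIMARY KEY, login TEXT, haslo TEXT)');
$db->exec("INSERT INTO firmy VALUES (1, 'Constructed Company')");
$db->exec("INSERT INTO uzytkownicy VALUES (1, 'constructed-user', 'constructed-hash')");

// The two request values from the advisory's Examples section, URL-decoded.
echo render_msg('<script>alert(document.cookie);</script>'), PHP_EOL;

// Fails integer validation, so no query is built from it.
var_dump(find_company($db, '-1 union select * from uzytkownicy'));

// A well-formed id is looked up through the prepared statement.
var_dump(find_company($db, '1'));
```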