[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)

Vendor: JGS-XA
URL: http://www.jgs-xa.de/
Version: <= 3.0.2
Type: SQL-Injections, XSS and Full Path Disclosures
Discovered by deluxe89 and the Security-Project Team

Description:
-------------------------
The JGS-Portal is a highly customisable portal for the Woltlab Burning Board.

SQL-Injections:
-------------------------
/jgs_portal.php?anzahl_beitraege=[SQL-Injection]
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=themen&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=beitrag&month=1&year=1[SQL-Injection]
/jgs_portal_beitraggraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_viewsgraf.php?jahr=1&monat=1&tag=1[SQL-Injection]
/jgs_portal_themengraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_mitgraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_sponsor.php?id=[SQL-Injection]
/jgs_portal_log.php - SQL-Injection through the "Accept-Language" header (the first two characters of the header value are used)

JGS-Portal Version <= 3.0.1 SQL-Injection Vulnerability:
/jgs_portal_box.php?id=[SQL-Injection]

Many of these SQL-Injections are exploitable.

Cross Site Scripting:
-------------------------
The SQL-Injections can be abused for XSS attacks.
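Every injectable parameter the advisory lists carries a numeric value in normal use (a post count, a month, a year, an id), and the one header-based vector only uses the first two characters of Accept-Language, which for a real browser is a two-letter language code. That makes both easy to check for on the defending side. The script below is an added example, not code from the advisory or from JGS-XA: it scans web-server log lines for requests to the named scripts whose listed parameters are not plain integers, or whose Accept-Language does not begin with two letters. The log format (combined format with the Accept-Language header appended as a last quoted field) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters the advisory names as injectable; all are numeric in normal use.
NUMERIC_PARAMS = {"anzahl_beitraege", "month", "year", "jahr", "monat", "tag", "id"}

# Scripts taken from the advisory's URL list.
PORTAL_SCRIPTS = {
    "/jgs_portal.php", "/jgs_portal_statistik.php", "/jgs_portal_beitraggraf.php",
    "/jgs_portal_viewsgraf.php", "/jgs_portal_themengraf.php", "/jgs_portal_mitgraf.php",
    "/jgs_portal_sponsor.php", "/jgs_portal_box.php", "/jgs_portal_log.php",
}

INT_RE = re.compile(r"-?[0-9]{1,10}")
# jgs_portal_log.php uses the first two characters of Accept-Language (per the
# advisory); a legitimate value starts with a two-letter language code.
LANG_RE = re.compile(r"[A-Za-z]{2}")

# Assumed (constructed) log format: combined log with the Accept-Language
# header appended as a final quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) "(?P<lang>[^"]*)"$'
)


def check_request(target, accept_language):
    """Return a list of (kind, name, value) findings for one request; empty if benign."""
    findings = []
    parts = urlsplit(target)
    if parts.path not in PORTAL_SCRIPTS:
        return findings
    # parse_qs percent-decodes values, so "%27" shows up as a literal quote here.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in NUMERIC_PARAMS:
            continue
        for value in values:
            if INT_RE.fullmatch(value) is None:
                findings.append(("param", name, value))
    if parts.path == "/jgs_portal_log.php":
        lang2 = accept_language[:2]
        if lang2 and LANG_RE.fullmatch(lang2) is None:
            findings.append(("header", "Accept-Language", lang2))
    return findings


def scan_log(lines):
    """Parse log lines and return (line_no, finding) tuples for suspicious requests."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            hits.append((line_no, ("unparsed", "", line)))
            continue
        for finding in check_request(m["target"], m["lang"]):
            hits.append((line_no, finding))
    return hits


# Constructed sample log: one normal request, one non-numeric id, one malformed
# Accept-Language on the log script, and one request outside the portal scripts.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/May/2005:12:00:01 +0200] "GET /jgs_portal_statistik.php?meinaction=themen&month=5&year=2005 HTTP/1.1" 200 "de-de,de;q=0.8"',
    '10.0.0.9 - - [09/May/2005:12:00:07 +0200] "GET /jgs_portal_sponsor.php?id=1%27 HTTP/1.1" 200 "en-us"',
    '10.0.0.9 - - [09/May/2005:12:00:12 +0200] "GET /jgs_portal_log.php HTTP/1.1" 200 "1\'"',
    '10.0.0.7 - - [09/May/2005:12:00:20 +0200] "GET /index.php?page=1%27 HTTP/1.1" 200 "fr"',
]

if __name__ == "__main__":
    for line_no, (kind, name, value) in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: suspicious {kind} {name!r} = {value!r}")
```

The same two predicates (integer-only for the listed parameters, two letters for the language prefix) are what the server-side code should enforce before any of these values reach a query; casting to an integer or binding a prepared-statement parameter removes the SQL injection, and with it the XSS the advisory derives from it.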
Full Path Disclosures:
-------------------------
/jgs_portal_ref.php
/jgs_portal_land.php
/jgs_portal_log.php
/jgs_portal_global_sponsor.php
/jgs_portal_global.php
/jgs_portal_system.php
/jgs_portal_views.php
/jgs_portal_include/jgs_portal_boardmenue.php
/jgs_portal_include/jgs_portal_forenliste.php
/jgs_portal_include/jgs_portal_geburtstag.php
/jgs_portal_include/jgs_portal_guckloch.php
/jgs_portal_include/jgs_portal_kalender.php
/jgs_portal_include/jgs_portal_letztethemen.php
/jgs_portal_include/jgs_portal_links.php
/jgs_portal_include/jgs_portal_neustemember.php
/jgs_portal_include/jgs_portal_newsboard.php
/jgs_portal_include/jgs_portal_online.php
/jgs_portal_include/jgs_portal_pn.php
/jgs_portal_include/jgs_portal_portalmenue.php
/jgs_portal_include/jgs_portal_styles.php
/jgs_portal_include/jgs_portal_suchen.php
/jgs_portal_include/jgs_portal_team.php
/jgs_portal_include/jgs_portal_topforen.php
/jgs_portal_include/jgs_portal_topposter.php
/jgs_portal_include/jgs_portal_umfrage.php
/jgs_portal_include/jgs_portal_useravatar.php
/jgs_portal_include/jgs_portal_waronline.php
/jgs_portal_include/jgs_portal_woonline.php
/jgs_portal_include/jgs_portal_zufallsavatar.php

Security-Project
-------------------------
Visit www.security-project.org