This is a nonexistent vulnerability. The unsanitized variable
referenced is only used in the JavaScript on the page and is never
passed back for processing by the PHP code, much less in any SQL
statement. Furthermore, the page that this summary references is only
accessible by users who have administrative access to the site and
not by random external users.
In the future, Mr. "xoxland", it might be good for you to let the
developers of the software know about your discoveries before you go
public with them. In this way, you can avoid the embarrassment of
issuing false advisories as well.
Victor
*definitely NOT speaking for the MODx dev team - these are personal
opinions*
On Oct 8, 2007, at 11:35 PM, xoxland@xxxxxxxxx wrote:
New Advisory:
modx-0.9.6
http://www.dear-pets.com
--------------------Summary----------------
Software: modx-0.9.6
Software’s Web Site: http://www.modxcms.com
Versions: 0.9.6
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://www.dear-pets.com
-----------------Description---------------
1. SQL Injection.
Vulnerable script: mutate_content.dynamic.php
Parameters ‘documentDirty’, ‘modVariables’ are not
properly sanitized before being used in an SQL query. This can be used to
make SQL queries by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
--------------PoC/Exploit----------------------
Waiting for developer(s) reply.
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: http://www.dear-pets.com