Bugtraq mailing list archives

[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)


From: <deluxe () security-project org>
Date: 16 May 2005 18:29:01 -0000



[SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)

Vendor: JGS-XA
URL: http://www.jgs-xa.de/
Version: <= 3.0.2
Type: SQL-Injections, XSS and Full Path Disclosures

Discovered by deluxe89 and the Security-Project Team



Description:
-------------------------
The JGS-Portal is a highly customisable portal for the Woltlab Burning Board.




SQL-Injections:
-------------------------
/jgs_portal.php?anzahl_beitraege=[SQL-Injection]
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=themen&month=1&year=1[SQL-Injection]
/jgs_portal_statistik.php?meinaction=beitrag&month=1&year=1[SQL-Injection]
/jgs_portal_beitraggraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_viewsgraf.php?jahr=1&monat=1&tag=1[SQL-Injection]
/jgs_portal_themengraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_mitgraf.php?month=1&year=1[SQL-Injection]
/jgs_portal_sponsor.php?id=[SQL-Injection]

/jgs_portal_log.php
"Accept-Language" header SQL-Injection (the first two characters)

JGS-Portal Version <= 3.0.1 SQL-Injection Vulnerability:
/jgs_portal_box.php?id=[SQL-Injection]

Many SQL-Injections are exploitable.



Cross Site Scripting:
-------------------------
You can abuse the SQL-Injections for XSS attacks.




Full Path Disclosures:
-------------------------
/jgs_portal_ref.php
/jgs_portal_land.php
/jgs_portal_log.php
/jgs_portal_global_sponsor.php
/jgs_portal_global.php
/jgs_portal_system.php
/jgs_portal_views.php
/jgs_portal_include/jgs_portal_boardmenue.php
/jgs_portal_include/jgs_portal_forenliste.php
/jgs_portal_include/jgs_portal_geburtstag.php
/jgs_portal_include/jgs_portal_guckloch.php
/jgs_portal_include/jgs_portal_kalender.php
/jgs_portal_include/jgs_portal_letztethemen.php
/jgs_portal_include/jgs_portal_links.php
/jgs_portal_include/jgs_portal_neustemember.php
/jgs_portal_include/jgs_portal_newsboard.php
/jgs_portal_include/jgs_portal_online.php
/jgs_portal_include/jgs_portal_pn.php
/jgs_portal_include/jgs_portal_portalmenue.php
/jgs_portal_include/jgs_portal_styles.php
/jgs_portal_include/jgs_portal_suchen.php
/jgs_portal_include/jgs_portal_team.php
/jgs_portal_include/jgs_portal_topforen.php
/jgs_portal_include/jgs_portal_topposter.php
/jgs_portal_include/jgs_portal_umfrage.php
/jgs_portal_include/jgs_portal_useravatar.php
/jgs_portal_include/jgs_portal_waronline.php
/jgs_portal_include/jgs_portal_woonline.php
/jgs_portal_include/jgs_portal_zufallsavatar.php



Security-Project
-------------------------
Visit www.security-project.org
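
For administrators reviewing web server logs, an added triage example (not part of the original advisory and not JGS-Portal code): it flags requests where a parameter listed above carries a non-integer value, and direct requests to files under jgs_portal_include/. It assumes combined-format access logs and that every listed parameter is meant to be a plain integer; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Script name -> query parameters the advisory lists for it.
# Assumption: every one of these is meant to carry a plain integer.
NUMERIC_PARAMS = {
    "jgs_portal.php": {"anzahl_beitraege"},
    "jgs_portal_statistik.php": {"month", "year"},
    "jgs_portal_beitraggraf.php": {"month", "year"},
    "jgs_portal_viewsgraf.php": {"jahr", "monat", "tag"},
    "jgs_portal_themengraf.php": {"month", "year"},
    "jgs_portal_mitgraf.php": {"month", "year"},
    "jgs_portal_sponsor.php": {"id"},
    "jgs_portal_box.php": {"id"},
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
INTEGER = re.compile(r"[0-9]{1,10}")

def triage(line):
    """Return the reasons one access-log line deserves a look (may be empty)."""
    m = REQUEST.search(line)
    if not m:
        return []
    path, _, query = m.group(1).partition("?")
    script = unquote(path).rsplit("/", 1)[-1]
    reasons = []
    # Include files are listed as disclosing the path when requested directly.
    if "/jgs_portal_include/" in unquote(path) and script.endswith(".php"):
        reasons.append("direct request to include file " + script)
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in NUMERIC_PARAMS.get(script, ()) and not INTEGER.fullmatch(value):
            reasons.append("non-integer %s= on %s" % (name, script))
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every line that triage() flags."""
    hits = [(n, triage(line)) for n, line in enumerate(lines, 1)]
    return [(n, r) for n, r in hits if r]

# Constructed sample log lines (combined log format), not taken from the advisory.
SAMPLE = [
    '192.0.2.10 - - [16/May/2005:18:30:01 +0000] "GET /forum/jgs_portal_statistik.php?meinaction=themen&month=1&year=2005 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [16/May/2005:18:31:12 +0000] "GET /forum/jgs_portal_statistik.php?meinaction=themen&month=1&year=1%27 HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [16/May/2005:18:31:40 +0000] "GET /forum/jgs_portal_include/jgs_portal_team.php HTTP/1.1" 200 301 "-" "-"',
    '192.0.2.10 - - [16/May/2005:18:32:05 +0000] "GET /forum/index.php?id=abc HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The "Accept-Language" case in jgs_portal_log.php is not covered, because the combined log format does not record that header.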

