[MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues
======Product: dev4u CMS
===========Discovered by: David Vieira-Kurz
===========dev4u CMS is a well known Content Management System.
===========Cross Site Scripting:
Input passed directly to the "user_name", "passwort" and "go_target" parameter in "index.php" is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Input passed directly to the "seite_id", "gruppe_id.php" and "go_target" parameter in "index.php" is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
============Edit the source code to ensure that input is properly sanitised.
You should work with "htmlspecialchars()" or "htmlentities()" php-function to ensure that html tags
are not going to be executed. You should also work with the "intval()" and "mysql_real_escape_string()" or "addslashes()" php-function to ensure that sql statements
can't be delivered over the "get" variables. Further it is recommend to set off the "register globals" option in the
"php.ini" on your webserver.
$pass = htmlentities($_POST['pass']);
$test = htmlspecialchars($_GET('test'));
$id = intval($_POST['id']);
===============11.11.2006 discovery of the vulnerabilities
11.11.2006 additional tests with other versions
12.11.2006 contacted the vendor
18.11.2006 advisory is written
18.11.2006 advisory released
======MajorSecurity is a German penetration testing and security research project
which consists of only one person at the present time.
You can find more Information on the MajorSecurity Project at