|
##################################################################
##################################################################
# ___ ___ _ _____ __ _ #
# / _ \ / _ \| | | __ \ / _| | | #
# _ __| | | | | | | |_| | | | ___| |_ __ _ ___ ___ __| | #
# | '__| | | | | | | __| | | |/ _ \ _/ _` |/ __/ _ \/ _` | #
# | | | |_| | |_| | |_| |__| | __/ || (_| | (_| __/ (_| | #
# |_| \___/ \___/ \__|_____/ \___|_| \__,_|\___\___|\__,_| #
# #
# #
# +-+-+-+-+ #
# |C|r|e|w| #
# +-+-+-+-+ #
##################################################################
##################################################################
# [#] Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities #
# [#] Discovered By c0dy #
# [#] http://r00tDefaced.net #
# [#] Greetz: sHoKeD-bYte, syst0x1c & r00tDefaced Members #
##################################################################
#
# [1]-Cross Site Scripting
#
# Vulnerability Description:
# Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code #injection by malicious web users into the web pages viewed by other users.
#
# Affected items:
# http://127.0.0.1/community/thread.php?start=[XSS]
# http://127.0.0.1/community/thread.php?forum=[XSS]
# http://127.0.0.1/community/thread.php?cat=[XSS]
# http://127.0.0.1/community/forum.php?start=[XSS]
# http://127.0.0.1/community/forum.php?cat=[XSS]
# http://127.0.0.1/blog/index.php?start=[XSS]
#
#
# Exemple:
#
# The Risk:
# By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies.
#
# Fix the vulnerability:
# * Encode output based on input parameters.
# * Filter input parameters for special characters.
# * Filter output based on input parameters for special characters...
#
#################################################################
#
# [2]-SQL injection
#
# Vulnerability Description:
# SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an #application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL #statements or user input is not strongly typed and thereby unexpectedly executed.
#
# Affected items:
# http://127.0.0.1/community/forum.php?start=[SQL Injection]
# http://127.0.0.1/community/thread.php?start=[SQL Injection]
# http://127.0.0.1/blog/index.php?start=[SQL Injection]
#
# Exemple: -1+ORDER+BY+1-- [You can find the number of colums (Well just incrementing the number until we get an error.)]
#
# The Risk:
# By exploiting this vulnerability, an attacker can inject malicious code in the script and can have acces to the database.
#
# Fix the vulnerability:
# To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used #(preferred), or user input must be carefully escaped or filtered.
#
#################################################################
#################################################################
# r00tDefaced [2009-12-01]