[VIM] Errors and oddities in Phorum 5.0.11 XSS/SQL injection
Steven M. Christey
coley at mitre.org
Fri Jul 15 17:25:06 EDT 2005
OSVDB:11129 read.php SQL injection
SECUNIA:12980 - generic XSS and SQL injection
BID:11538 - generic XSS and SQL injection
SECTRACK:1011921 - read.php SQL injection and XSS
Looks like every VDB has a different spin on the details.
Here's my take:
- Positive Technologies releases report on SQL injection in read.php
  query string for Phorum 5.0.11
  Researcher claims issue is fixed in CVS.
- Phorum releases 5.0.12. Changelog says "XSS really gone now" and
  two instances of "fixed sql-injection issue"
  Not enough detail for me to be sure they fixed the SQL injection
- I search through CVS to try and find relevant diffs, but give up
  after a few minutes.
- CVS changelog is more informative:
  * shows SQL injection in read.php *AND* file.php
  * lists XSS in search.php
For CVE, "mutual consistency" of researcher ("fixed in CVS") and
vendor (fixed associated file in next version) is sufficient for
acknowledgement of the read.php issue.
Somewhere along the line:
- VDB's linked the XSS to Positive Technologies - but they never
- some VDB's only had the vendor changelog and so didn't know it was
- all/most VDB's missed that there are 2 SQL injections, one for
  read.php and one for file.php
- some VDB's said the XSS was for read.php but there's no evidence