[VIM] The disappearing iPostMX 2005 SQL injection issue

security curmudgeon jericho at attrition.org
Mon Jun 19 17:06:25 EDT 2006


: References:
: 
:   XF:ipost-forum-sql-injection(27144)
:   http://xforce.iss.net/xforce/xfdb/27144
: 
: claimed source:
: 
:   http://pridels.blogspot.com/2006/06/ipostmx-2005-vuln.html
: 
: Both ISS and one of CVE's analysts reported on an SQL injection 
: involving the forum parameter in messagepost.cfm and topic parameter in 
: topics.cfm, with the r0t advisory as a reference, but that detail is no 
: longer included in that reference as of 20060619.  Maybe this was a 
: site-specific problem, I don't know.  The pridels site at the moment 
: seems to be having some linking/presentation issues, so I can't 
: investigate further.

On 2006-06-16, I created two entries in OSVDB for iPostMX cross-site 
scripting issues.

26522: iPostMX 2005 userlogin.cfm RETURNURL Variable XSS
26523: iPostMX 2005 account.cfm RETURNURL Variable XSS

At the time, the pridels advisory contained no mention of SQL injection 
vulnerabilities.

Currently, the advisory loads fine for me and says:

  Vuln. Description:

  iPostMX 2005 contains a flaw that allows a remote Cross-Site Scripting 
  attacks.Input passed to the "RETURNURL" parameter in "userlogin.cfm" and 
  "account.cfm" isn't properly sanitised before being returned to the 
  user. This can be exploited to execute arbitrary HTML and script code in 
  a user's browser session in context of an affected site.

As far as I remember, this is the same text that was present on the 16th.

