Info

Last Modified

3 months ago

Percent Complete

100%

Disclosure

May 28, 2007

Discovery

Unknown

Dates

Exploit

May 28, 2007

Solution

Unknown

Keywords

netVigilance Security Advisory #22

Description

DGNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the news.php script not properly sanitizing user-supplied input to the 'catid' or 'newsid' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. Additionally, the crafted input is sent back to the browser without filtering allowing for cross site scripting attacks. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Dian Gemilang

DGNews

2.1

References

CVE ID: 2007-0693 (see also: NVD) 2007-2994 (see also: NVD)
Bugtraq ID: 24201 24212
Secunia Advisory ID: 25438
Related OSVDB ID: 34226 34228
ISS X-Force ID: 34539
VUPEN Advisory: ADV-2007-1981
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0411.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0508.html
Other Advisory URL: http://securityreason.com/securityalert/2762
http://www.netvigilance.com/advisory0022
Vendor URL: http://www.diangemilang.com/dgscripts.php
Keyword: netVigilance Security Advisory #22

Manual Testing Notes

Credit

Jesper Jurcenoks - jesper.jurcenoksnetvigilance.com - netVigilance, Inc.
laurent gaffie - laurent.gaffiegmail.com -

CVSSv2 Score

CVSSv2 Base Score = 7.5
Source: nvd.nist.gov | Generated: 2007-06-05 | Disagree? | There are 1 more: View All

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.