Menu

Search for hundreds of thousands of exploits

"ADOdb < 4.71 - Cross Site Scripting"

Author

Exploit author

"GulfTech Security"

Platform

Exploit platform

php

Release date

Exploit published date

2016-02-18

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
ADOdb Cross Site Scripting

Vendor: John Lim
Product: ADOdb
Version: <= 4.71
Website: http://adodb.sourceforge.net/

BID: 16720 
CVE: CVE-2006-0806 
OSVDB: 23362 23363 23364 
SECUNIA: 18928 
PACKETSTORM: 44065 

Description:
ADOdb is a database abstraction library for php used by a great deal of projects to provide support for a number of well known database api's. ADOdb also comes with various functions to perform routine database related tasks. One of the more useful of these functions is ADOdb's ability to paginate the retrieved database records by using the ADODB_Pager class. However, there are several cross site scripting issues within the ADODB_Pager class that may allow for an attacker to render malicious client side code in the victims browser. An updated version of ADOdb has been released, and users should update their ADOdb library. 


Cross Site Scripting:
There are several Cross Site Scripting issues in ADOdb versions 4.71 and possibly earlier that may allow for an attacker to render malicious client side code in the victim's browser. 
if (isset($_GET[$next_page])) {
	$_SESSION[$curr_page] = $_GET[$next_page];
}
if (empty($_SESSION[$curr_page])) $_SESSION[$curr_page] = 1; ## at first page
		
$this->curr_page = $_SESSION[$curr_page];

The above code is taken from adodb-pager.inc.php @ lines 72-77 and ultimately set's the $this->curr_page variable to unsanitized user supplied input. Later on this variable is used when drawing the links for the pagination, thus allowing for Cross Site Scripting attacks to be possible. There are also several unsafe PHP_SELF calls within the script that allow for similar Cross Site Scripting attacks. In addition to these issues there are also several input validation issues in the performance scripts such as adodb-perf.inc.php and perf-oci8.inc.php, but these will not be addressed as the author says: 

"The adodb perf files assume that you can execute any sql in the system from the sql form we provide. True that there could be security issues in the perf scripts, but using the perf files already assume (and require) a high level of trust." 

We may include details of these vulnerabilities in this advisory at a later date. However, a new version of ADOdb was just released to address the previously mentioned Cross Site Scripting issues. 


Solution:
A new version of ADOdb was recently released which addresses the previously mentioned Cross Site Scripting issues. Users should upgrade their current vulnerable ADOdb libraries. 


Credits:
James Bercegay of the GulfTech Security Research Team
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-12-02 "WordPress Plugin Wp-FileManager 6.8 - RCE" webapps php "Mansoor R"
2020-12-02 "WonderCMS 3.1.3 - Authenticated Remote Code Execution" webapps php zetc0de
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover" webapps php "Mufaddal Masalawala"
2020-12-02 "Simple College Website 1.0 - 'page' Local File Inclusion" webapps php Mosaaed
2020-12-02 "Car Rental Management System 1.0 - SQL Injection / Local File include" webapps php Mosaaed
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution" webapps php zetc0de
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
2020-12-01 "Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS" webapps php yunaranyancat
Release Date Title Type Platform Author
2018-01-15 "D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2018-01-15 "D-Link DNS-343 ShareCenter < 1.05 - Command Injection" webapps php "GulfTech Security"
2018-01-08 "Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2018-01-03 "WDMyCloud < 2.30.165 - Multiple Vulnerabilities" remote hardware "GulfTech Security"
2018-01-03 "D-Link DNS-320 ShareCenter < 1.06 - Backdoor Access" remote hardware "GulfTech Security"
2016-10-04 "Mambo < 4.5.4 - SQL Injection" webapps php "GulfTech Security"
2016-08-28 "CubeCart < 3.0.12 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2016-08-18 "X-Cart < 4.1.3 - Arbitrary Variable Overwrite" webapps php "GulfTech Security"
2016-08-14 "Claroline < 1.7.7 - Arbitrary File Inclusion" webapps php "GulfTech Security"
2016-08-11 "SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite" webapps php "GulfTech Security"
2016-03-05 "PHPLib < 7.4 - SQL Injection" webapps php "GulfTech Security"
2016-03-02 "Gallery 2 < 2.0.2 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2016-02-26 "phpRPC < 0.7 - Remote Code Execution" webapps php "GulfTech Security"
2016-02-24 "Mambo < 4.5.3h - Multiple Vulnerabilities" webapps php "GulfTech Security"
2016-02-21 "PEAR LiveUser < 0.16.8 - Arbitrary File Access" webapps php "GulfTech Security"
2016-02-19 "Geeklog < 1.4.0 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2016-02-18 "ADOdb < 4.71 - Cross Site Scripting" webapps php "GulfTech Security"
2015-07-21 "XPCOM - Race Condition" webapps php "GulfTech Security"
2015-07-14 "SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite" webapps php "GulfTech Security"
2015-07-02 "PHPXMLRPC < 1.1 - Remote Code Execution" webapps php "GulfTech Security"
2015-07-01 "PEAR XML_RPC < 1.3.0 - Remote Code Execution" webapps php "GulfTech Security"
2015-06-29 "XOOPS < 2.0.11 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2015-05-28 "Peercast < 0.1211 - Format String" dos windows "GulfTech Security"
2015-05-16 "Burning Board < 2.3.1 - SQL Injection" webapps php "GulfTech Security"
2015-05-05 "Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2015-04-19 "AZBB < 1.0.07d - Multiple Vulnerabilities" webapps php "GulfTech Security"
2015-01-03 "PhotoPost < 4.85 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2015-01-02 "ReviewPost < 2.84 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2015-01-01 "PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities" webapps php "GulfTech Security"
2014-12-29 "PHP-Calendar < 0.10.1 - Arbitrary File Inclusion" webapps php "GulfTech Security" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected