Users of Motorito < v2.0 Ni 483, please be advised that SQL Injection and XSS vulnerabilities have been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
Motorito-SA-09/23/2010: Motorito - SQL Injection and XSS Vulnerabilities
VULNERABILITY
-------------------------
SQL Injection and XSS in Motorito < v2.0 Ni 483
DESCRIPTION
-------------------------
This bug was found using CentOS and the last release of Motorito with
Apache 2.2.3 and PHP 5.1.6.
To exploit the vulnerability, it is only necessary to use version 1.0 of the
HTTP protocol to interact with the application, and it is possible to
check that the variables of the module index.php are not properly
filtered.