<<< Date Index >>>     <<< Thread Index >>>

Multiple Vulnerabilities in PHP Surveyor



-----------------------------------------------------------
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable 
------------------------------------------------------------

Summary:

PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and 
path disclosures.

Details:

root directory
--------------

question.php, survey.php, group.php - all give path disclosure

admin directory
--------------

browse.php - sid, start, and id parametereters all vulnerable to injection and 
xss, no 

parametereter gives sql error.

dataentry.php - sid sql injection and xss

export.php - sid sql injection and xss, no parametereter gives sql error.

database.php - straight to page gives path disclosure.

dumpquestion.php - qid=' gives multiple path disclosures.

admin.php - sid parameter sql injection

labels.php - lid parameter sql injection and path disclosure

dumplabel.php - lid parameter sql injection and path disclosure

sessioncontrol.php - straight to page gives path disclosure

html.php - straight to page gives path disclosure

conditions.php - no parameter sql error, sql injection on sid parameter

spss.php - no parameter sql error, sql inject on sid parameter

deletesurvey.php - sql inject with sid when ok=Y

dumpsurvey.php - sid sql injection

statistics.php - sid sql injection

-------------------------------


Solution:

Cleanse all user input before processing to stop injections, check to make sure 
parameters are 
present before processing to stop sql errors and path disclosure.

Credit:

tgo thegreatone2176@xxxxxxxxx

Greets:

smooth_operator and zith