<<< Date Index >>>     <<< Thread Index >>>

Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo.



Description:
============
Multiple XSS and SQL injection vulnerabilities were found in Inetmedia's web 
services cityinfo.pl and cityaz.de, which my be exploited by attackers to gain  
confidential information and/or modify datebase.

These  flaws  are  due  to  PHP programming mistakes in:
  "http://users.[CITY_NAME].cityinfo.pl/";;
  "http://users.[CITY_NAME].cityaz.de/";;
  "http://[CITY_NAME].cityinfo.pl/firma.php";;
  "http://[CITY_NAME].cityinfo.pl/page_tpl.php";;
  "http://[CITY_NAME].cityaz.de/firma.php";;
  "http://[CITY_NAME].cityaz.de/page_tpl.php";;
  "https://users.[CITY_NAME].pl/";;
  "https://users.[CITY_NAME].de/";;
  "https://[CITY_NAME].cityinfo.pl/";;
  "https://[CITY_NAME].cityaz.de/";.

CITY_NAME - name of the city in Poland or Germany.

Probably there are more flaws, which were not discovered during research.

Examples:
=========
http://users.krakinfo.pl/index.php?msg=<script>alert(document.cookie);</script>
http://www.krakinfo.pl/firma.php?id=-1%20union%20select%20*%20from%20uzytkownicy

References:
===========
www.cityinfo.pl
stats.inetmedia.pl/cityinfo.php
www.cityaz.de
stats.inetmedia.pl/cityaz.php
www.inetmedia.pl

Credits:
========
Vulnerabilities were found by:
  &#321;ukasz Juszczyk a.k.a kahir,
  Filip Palian a.k.a s_n.

Feedback:
=========
<lukasz.juszczyk at pjwstk.edu.pl>
<filip.palian at pjwstk.edu.pl>

Additional information:
=======================
Vulnerability reported to Inetmedia on 25-06-06 at 14:30.

Acknowledgment:
===============
[DFT]