Multiple XSS vulnerabiliteies in Inetmedia's information service - cityinfo.
Description:
============
Multiple XSS and SQL injection vulnerabilities were found in Inetmedia's web
services cityinfo.pl and cityaz.de, which my be exploited by attackers to gain
confidential information and/or modify datebase.
These flaws are due to PHP programming mistakes in:
"http://users.[CITY_NAME].cityinfo.pl/";;
"http://users.[CITY_NAME].cityaz.de/";;
"http://[CITY_NAME].cityinfo.pl/firma.php";;
"http://[CITY_NAME].cityinfo.pl/page_tpl.php";;
"http://[CITY_NAME].cityaz.de/firma.php";;
"http://[CITY_NAME].cityaz.de/page_tpl.php";;
"https://users.[CITY_NAME].pl/";;
"https://users.[CITY_NAME].de/";;
"https://[CITY_NAME].cityinfo.pl/";;
"https://[CITY_NAME].cityaz.de/";.
CITY_NAME - name of the city in Poland or Germany.
Probably there are more flaws, which were not discovered during research.
Examples:
=========
http://users.krakinfo.pl/index.php?msg=<script>alert(document.cookie);</script>
http://www.krakinfo.pl/firma.php?id=-1%20union%20select%20*%20from%20uzytkownicy
References:
===========
www.cityinfo.pl
stats.inetmedia.pl/cityinfo.php
www.cityaz.de
stats.inetmedia.pl/cityaz.php
www.inetmedia.pl
Credits:
========
Vulnerabilities were found by:
Łukasz Juszczyk a.k.a kahir,
Filip Palian a.k.a s_n.
Feedback:
=========
<lukasz.juszczyk at pjwstk.edu.pl>
<filip.palian at pjwstk.edu.pl>
Additional information:
=======================
Vulnerability reported to Inetmedia on 25-06-06 at 14:30.
Acknowledgment:
===============
[DFT]