
Re: Vulnerabilities



This is a nonexistent vulnerability. The unsanitized variable referenced is only used in the JavaScript on the page and is never passed back for processing by the PHP code, much less in any SQL statement. Furthermore, the page that this summary references is only accessible by users who have administrative access to the site and not by random external users.

In the future, Mr. "xoxland", it might be good for you to let the developers of the software know about your discoveries before you go public with them. In this way, you can avoid the embarrassment of issuing false advisories as well.

Victor
*definitely NOT speaking for the MODx dev team - these are personal opinions*


On Oct 8, 2007, at 11:35 PM, xoxland@xxxxxxxxx wrote:

 New Advisory:
modx-0.9.6
http://www.dear-pets.com

-------- Summary --------
Software: modx-0.9.6
Software’s Web Site: http://www.modxcms.com
Versions: 0.9.6
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://www.dear-pets.com

-------- Description --------
1. SQL Injection.

Vulnerable script: mutate_content.dynamic.php

Parameters ‘documentDirty’, ‘modVariables’ are not
properly sanitized before being used in an SQL query. This can be used to
make SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

-------- PoC/Exploit --------
Waiting for developer(s) reply.

-------- Solution --------
No Patch available.

-------- Credit --------
Discovered by: http://www.dear-pets.com