# Title: [SQL injection vulnerability in Natychmiast CMS]
# Date: [03.03.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.natychmiast-cms.pl/]
# Version: [ALL]


============ { Ariko-Security - Advisory #2/3/2010 } =============

      SQL injection and XSS vulnerability in NATYCHMIAST CMS



Vendor's Description of Software:
# http://www.natychmiast-cms.pl/Natychmiast+CMS.html [Polish]

Dork:
# N/A

Application Info:
# Name: NATYCHMIAST CMS
Vulnerability Info:
# Type: SQL injection and XSS Vulnerability
# Risk: medium

Fix:
# N/A

Time Table:
# 03/03/2010 - Vendor notified.

Input passed via the "id_str" parameter to index.php and a_index.php is not properly sanitised before being used ... Read more »

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

o PROBLEM DETAILS

The Juniper Secure Access (SA) web interface allows users to manage the
bookmarks on their landing page. This bookmark management functionality
does not filter user input properly and can allow cross site scripting
attacks.

Upon modification or creation of a bookmark, the editbk.cgi script is
requested with a parameter named "row".  This parameter identifies the
bookmark in question and its value is used in the server response.  It is a
flaw in the input handling of this "row" parameter that makes the appliance
vulnerable to a cross site scripting attack.

Successful exploitation could allow a remote attacker to hijack an
authenticated session between a victim and the Juniper SA web interface.

Usage of the Single Sign-On (SSO) feature will severely increase the impact
as SSO automatically grants the hijacked session access to ot ... Read more »