mooSocial Cross-Site Scripting and SQL Injection Vulnerabilities


Description   Esac has reported multiple vulnerabilities in mooSocial, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1) Input appended to the URL after blogs/view is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input appended to the URL after tags/view, albums/ajax_browse, blogs/ajax_browse, topics/ajax_browse, groups/ajax_browse, videos/ajax_browse, and groups/view is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Input passed via the "source_id" POST parameter to videos/ajax_embed is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 1.3.3. Other versions may also be affected.
     
Vulnerable Products   Vulnerable Software:
mooSocial 1.x
     
Solution   No official solution is currently available.
     
CVE  
     
References   http://iss4m.ma/2013/08/25/moosocial-1-3-multiple-vulnerabilites/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Misc : Directory traversal - parameter starting with ../
3.2.0
Directory traversal using ..\..
3.2.0
Directory traversal
3.2.0
Directory traversal backward root folder
3.2.0
Escaped NULL char in URL
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2013-08-26 

 Target Type 
Server 

 Possible exploit 
Remote