This is a nonexistent vulnerability. The unsanitized variable
referenced is only used in the Javascript on the page and is never
passed back for processing by the PHP code, much less in any SQL
statement. Furthermore, the page that this summary references is only
accessible by users who have administrative access to the site and
not by random external users.
In the future Mr "xoxland", it might be good for you to let the
developers of the software know about your discoveries before you go
public with them. In this way, you can avoid the embarrassment of
issuing false advisories as well.
Victor
*definitely NOT speaking for the MODx dev team - these are personal
opinions*
On Oct 8, 2007, at 11:35 PM, xoxland@gmail.com wrote:
> New Advisory:
> modx-0.9.6
> http://www.dear-pets.com
>
> -------Summary------
> Software: modx-0.9.6
> Software's Web Site: http://www.modxcms.com
> Versions: 0.9.6
> Critical Level: Moderate
> Type: Multiple Vulnerabilities
> Class: Remote
> Status: Unpatched
> PoC/Exploit: Not Available
> Solution: Not Available
> Discovered by: http://www.dear-pets.com
>
> ------Description-----
> 1. SQL Injection.
>
> Vulnerable script: mutate_content.dynamic.php
>
> Parameters 'documentDirty', 'modVariables' are not
> properly sanitized before being used in SQL query. This can be used to
> make SQL queries by injecting arbitrary SQL code.
>
> Condition: magic_quotes_gpc = off
>
> -----PoC/Exploit--------
> Waiting for developer(s) reply.
>
> -----Solution-------
> No Patch available.
>
> -----Credit--------
> Discovered by: http://www.dear-pets.com