CMS DLE + uLogin. Module errors

    Introduction


    A month ago, when I was working with DLE and the uLogin module, I noticed that the module had a suspiciously simple check of incoming data and decided to check it.

    My suspicions were confirmed.


    Details


    The main flaw is that incoming data is practically not filtered at all; the only protection is a quote-escaping function. That is not enough for CMS DLE.

    The login is built from the first and last name, but nothing stops us from entering special characters, for example a single quote, in the social network profile or when filling in the additional data.

    The screenshot showed an SQL error when trying to change the rating of a news item.

    SQL injection cannot be carried out only because the name field in the dle_users table is limited to 40 characters.
    But we now know the table prefix.

    An XSS attack is also possible, since the first and last name are stored in the fullname field, which has a limit of 100 characters.


    This flaw is enough to inject a trivial alert or to include a JS file.
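
    The handling the module lacks, shown as an added example that is not code from uLogin or DLE: the login is checked against an allow-list, the full name is length-bounded, values are bound rather than concatenated into SQL, and output is HTML-encoded. The function names, the in-memory SQLite table and the sample profiles are assumptions; only the 40- and 100-character limits come from the article.

```php
<?php
declare(strict_types=1);

// Column limits quoted in the article: name = 40, fullname = 100 characters.
const NAME_MAX = 40;
const FULLNAME_MAX = 100;

// Login: allow-list (letters, digits, space, dot, underscore, hyphen); refuse, do not escape.
function buildLogin(string $first, string $last): ?string
{
    $login = trim($first . ' ' . $last);
    return preg_match('/^[\p{L}\p{N} ._-]{1,' . NAME_MAX . '}$/uD', $login) === 1 ? $login : null;
}

// Full name: free text, valid UTF-8, no control characters, refused (not truncated) if too long.
function cleanFullName(string $first, string $last): ?string
{
    $full = trim($first . ' ' . $last);
    return preg_match('/^[^\x00-\x1F\x7F]{1,' . FULLNAME_MAX . '}$/uD', $full) === 1 ? $full : null;
}

// HTML-encode at output time, whatever was stored.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample profiles in the shape a social-login provider might return.
$profiles = [
    ['first_name' => 'Anna', 'last_name' => 'Petrova'],
    ['first_name' => "O'Brien", 'last_name' => 'Test'],
    ['first_name' => '<script>alert(1)</script>', 'last_name' => 'X'],
];

// In-memory SQLite table standing in for the users table (demo assumption).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (name TEXT, fullname TEXT)');
$insert = $db->prepare('INSERT INTO users (name, fullname) VALUES (?, ?)');

foreach ($profiles as $p) {
    $login = buildLogin($p['first_name'], $p['last_name']);
    $full  = cleanFullName($p['first_name'], $p['last_name']);
    if ($login === null || $full === null) {
        echo 'refused: ', e($p['first_name'] . ' ' . $p['last_name']), PHP_EOL;
        continue;
    }
    $insert->execute([$login, $full]); // bound values, never string-built SQL
    echo 'stored: ', e($login), ' / ', e($full), PHP_EOL;
}
```

    A refused login would normally lead to asking the user to choose another one; the full name can still be stored, because bound parameters and output encoding make an apostrophe harmless.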

    On the same day I found this error, I sent a notification to uLogin technical support, but so far nothing has changed ...