[SECURITY] [3/5] Xomol CMS Local File Inclusion and SQL Injection

Nov 8, 2006
26,293
48
48
freesteam.net
#1
DNX has discovered some vulnerabilities in Xomol CMS, which can be exploited by malicious people to disclose potentially sensitive information or conduct SQL injection attacks.


Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/

Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.

More...
 
Dec 18, 2007
9
0
0
#2
This is a good example of why we should use magic quotes and filter chars from URLS

Checking user input is vital to not having your web page defaced by script kiddies who like milw0rm
 

xomdev

New Member
Feb 20, 2009
0
0
0
#3
The XSS security issue on Xomol CMS has been fixed since Xomol V. 1.5.2.2

Hello Programmers of the Wolrd

This is Juan Tepec, one of the main developers of Xomol CMS.
The XSS security issue has been fixed since Xomol V. 1.5.2.2.
Thanks 2 u all for testing and helping us develop Xomol CMX.

Best Regards
Juan Tepec