[newangels-team.eu #10] DGNews - Cross Site Scripting Vulnerability
====================================================================

Vendor site => http://www.diangemilang.com
Date: Jun 18 2006
Risk = MEDIUM
Version: 1.5.1

Credit:
=======
NewAngels Team - Discovered By LBDT - newangels-team.eu

Description:
DGNews is a simple news publishing script. Features: add unlimited categories, automatic thumbnailing of news images, and many others. The script needs MySQL and phpMyAdmin to import the database dump. Open config.php in the admin folder and change any fields. That's all.

Affected file: search.php

An attacker can inject HTML code because characters like "<" and ">" are not filtered before the search term is used in the SQL query:

$pilih=mysql_query("select * from news_main where title like '%".$sowhat."%' or full like '%".$sowhat."%'");

Example:
http://www.site.com/dgnews/search.php?sowhat=[XSS]

Google search -> "Powered: DGNews"
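The pattern behind the search.php issue, shown as an added illustration rather than DGNews's own code: the query quoted above with the search term reflected unencoded, beside a hardened form that binds the term as a query parameter and HTML-encodes everything written to the page. It assumes search.php echoes the term back into the results page (which the [XSS] example implies), an already open mysqli connection in $db, and the table and column names from the quoted query.

```php
<?php
// Illustrative reconstruction of the search.php pattern described in the
// advisory; not DGNews's actual code. $db, the table news_main and the
// columns title/full are assumptions taken from the quoted query.

// Vulnerable pattern: the raw sowhat value is spliced into the SQL string
// and reflected into the HTML response without encoding, so "<" and ">"
// from the request reach the browser untouched.
function search_vulnerable(mysqli $db, string $sowhat): string
{
    $pilih = mysqli_query($db,
        "select * from news_main where title like '%" . $sowhat .
        "%' or full like '%" . $sowhat . "%'");
    $html = "<p>Results for: " . $sowhat . "</p>\n";   // reflected as-is
    while ($row = mysqli_fetch_assoc($pilih)) {
        $html .= "<h3>" . $row['title'] . "</h3>\n";    // stored text, also as-is
    }
    return $html;
}

// Hardened form: the term is bound as a parameter instead of being built
// into the SQL string, and every value that reaches the HTML output goes
// through htmlspecialchars(), which turns "<" and ">" into entities.
function search_hardened(mysqli $db, string $sowhat): string
{
    // `full` is backticked so it can never be read as an SQL keyword.
    $stmt = $db->prepare(
        "SELECT title FROM news_main WHERE title LIKE ? OR `full` LIKE ?");
    // Escape LIKE wildcards so "%" and "_" in user input match literally.
    $pattern = '%' . addcslashes($sowhat, '%_\\') . '%';
    $stmt->bind_param('ss', $pattern, $pattern);
    $stmt->execute();
    $result = $stmt->get_result();

    $enc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    $html = "<p>Results for: " . $enc($sowhat) . "</p>\n";
    while ($row = $result->fetch_assoc()) {
        $html .= "<h3>" . $enc($row['title']) . "</h3>\n";
    }
    return $html;
}

// Entry point as search.php would use it ($db opened elsewhere, e.g. from
// the settings in config.php).
$sowhat = $_GET['sowhat'] ?? '';
echo search_hardened($db, $sowhat);
```

With the hardened handler, a request such as the [XSS] example above is rendered back as inert text, and the search term never changes the structure of the SQL statement.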