by r0t,der4444,cembo,VietMafia

Friday, November 25, 2005

AgileBill 1.4.x "id" sql injection.

AgileBill "id" parameter sql injection.

Vuln. dicovered by : r0t
Date: 25 nov. 2005
affected vesion: 1.4.92 and possible prior versions.

Product Description:
AgileBill features a powerful ticket system that seamlessly integrates with its comprehensive billing and account management tools geared for multiple industries, including digital goods, web hosts, ISPs, and VOIP providers. The Ticket system supports e-mail piping via POP and IMAP accounts, unlimited staff with configurable permissions, unlimited departments with customizable group requirements so you can sell access to clients needing varying support levels, as well as powerful search and reporting capabilities. With AgileBill, there is no need to maintain separate systems for account registration, management, and authentication as it handles all this as well as billing, invoicing, and reporting on the commerce side. Other available plugins for AgileBill include Affiliates, Campaign Tracking, Web Hosting & Domain Automation, Integration with popular CMS and Forum Systems, Content Protection for sellers of Digital Goods, and much more.

Vuln. Description:
In to product_cat parameter "id" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Edit the source code to ensure that input is properly sanitised.


Anonymous Anonymous told...

This injection report is bogus, see:

INSERT and UPDATE queries, but also to SELECT queries.

"No doubt many PHP developers have been saved from the worst SQL injection attacks by the limitations of MySQL, which will only allow a single SQL statement to be performed with each call to mysql_query."

Apparently, the author of this blog should brush up on mysql and php.

11:23 PM


Post a Comment

<< Home

Copyright (c) 2006 Pridels Sec Crew