by r0t, der4444, cembo, VietMafia

Friday, November 25, 2005

DMANews Multiple SQL inj. vuln.

Vuln. discovered by: r0t
Date: 25 Nov. 2005
Vendor: http://www.dmanews.com/
Affected version: 0.904 (latest downloadable version) and v0.910 [Development version]

Product description:

Popular, powerful, secure. DMANews focuses on ease of use and flexible customisation. With excellent documentation and a choice of 4 beautiful control panels, it installs in 5 minutes flat with easy interactive walkthrough script. Save yourself some time and check out the (always working!) online demo for an immediate appraisal. Requires PHP4 & MySQL.

Vuln. Description:

Input passed to multiple parameters isn't properly sanitised before being used in an SQL query (see the examples below). This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Examples:

/index.php?action=comments&id=[SQL]
/index.php?action=news_list&navigation=1&sortorder=unixtime&sortdirection=DESC&start_item=4&display_num=[SQL]
/index.php?action=news_list&navigation=1&sortorder=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
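
One way to handle the three parameter kinds listed above, as an added example that is not DMANews code and not part of the original advisory: `id`, `display_num` and `start_item` are validated as integers and bound as query parameters, while `sortorder` and `sortdirection` are identifiers and keywords that cannot be bound, so they go through an allow-list. The table and column names, the helper function names and the limits are assumptions made for the illustration.

```php
<?php
// Added example. Table and column names are assumptions, not DMANews's schema.
// In-memory SQLite keeps it runnable offline; the pattern is the same for MySQL via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, unixtime INTEGER)');
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, news_id INTEGER, body TEXT)');
$db->exec("INSERT INTO news (title, unixtime) VALUES ('first', 100), ('second', 200), ('third', 300)");
$db->exec("INSERT INTO comments (news_id, body) VALUES (1, 'hello'), (2, 'world')");

// Integer parameters: accept only a whole number inside [min, max], else the default.
function int_param(array $in, string $key, int $default, int $min, int $max): int
{
    $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

// Identifiers and keywords cannot be bound as query parameters, so they
// must match a fixed allow-list exactly; anything else becomes the default.
function choice_param(array $in, string $key, array $allowed, string $default): string
{
    $v = $in[$key] ?? null;
    return (is_string($v) && in_array($v, $allowed, true)) ? $v : $default;
}

function comments_for(PDO $db, array $in): array
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE news_id = :id');
    $stmt->bindValue(':id', int_param($in, 'id', 0, 1, PHP_INT_MAX), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function news_list(PDO $db, array $in): array
{
    $col = choice_param($in, 'sortorder', ['unixtime', 'title', 'id'], 'unixtime');
    $dir = choice_param($in, 'sortdirection', ['ASC', 'DESC'], 'DESC');
    $stmt = $db->prepare("SELECT title FROM news ORDER BY $col $dir LIMIT :num OFFSET :start");
    $stmt->bindValue(':num', int_param($in, 'display_num', 10, 1, 100), PDO::PARAM_INT);
    $stmt->bindValue(':start', int_param($in, 'start_item', 0, 0, PHP_INT_MAX), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed requests: one well-formed, one whose values fail validation.
print_r(news_list($db, ['sortorder' => 'unixtime', 'sortdirection' => 'ASC', 'display_num' => '2']));
print_r(news_list($db, ['sortorder' => 'not_a_column', 'display_num' => '2abc']));
print_r(comments_for($db, ['id' => 'x1']));
```

Values that fail validation fall back to the defaults instead of reaching the query text, so the second request is served with the default sort column and page size.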

 
Copyright (c) 2006 Pridels Sec Crew