by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

ezyhelpdesk Multiple Sql inj.

ezyhelpdesk Multiple Sql inj.
Vuln. dicovered by : r0t
Date 23 nov. 2005
Vendor:http://www.ezyhelpdesk.com
affected version: 1.0 and prior

Software description:
ezyhelpdesk is an instrumental piece of software for managing customer support/sales and other departments online - it allows you to streamline your business support and will save your clients time and money.
ezyhelpdesk is based on php and uses a MySQL backend, ezy helpdesk has been thoroughly programmed and tested on various systems in different situations.

Vuln. Description:

1.
Input passed to the "edit_id" ,"faq_id","c_id" parameter is not sanitised properly before being used in a SQL query. This can potentially be exploited to manipulate SQL queries by injecting arbitrary SQL code.

/?edit=spec_view&edit_id=[SQL]
/?mid=41&m2id=42&page=1&faq_id=[SQL]
/?mid=41&m2id=42&page=1&c_id=[SQL]

2.
Input passed to the search engine is not sanitised properly before being used in a SQL query. This can potentially be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew