by r0t, der4444, cembo, VietMafia

Tuesday, November 29, 2005

FAQ System 1.1 SQL inj. vuln.

Vuln. discovered by: r0t
Date: 29 Nov. 2005
Vendor: http://ilyav.net/?q=node/23
Affected version: 1.1 and prior

Product Description:
This extremely detailed Frequently Asked Questions application has been developed as a senior project in the CIS program at UNF under Dr. Solano. It was developed for the Advising Department but to this day has not been implemented on their website due to lack of funds.


Vuln. description:
Input passed to the "FAQ_ID", "action" and "CATEGORY_ID" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Examples:
/viewFAQ.php?action=edit&FAQ_ID=[SQL]
/viewFAQ.php?action=[SQL]
/index.php?SEARCH_KEYS=&CATEGORY_ID=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
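
One way to apply that fix, as an added example and not the vendor's code: validate the two ID parameters as integers, match "action" against a fixed list, and bind values through a prepared statement. It assumes PHP 8 with pdo_sqlite; the faq table, its columns, the helper names and the list of allowed actions are hypothetical.

```php
<?php
// Added example; table/column names (faq, id, category_id, question) are assumptions.
const ALLOWED_ACTIONS = ['view', 'edit']; // assumed set; the advisory only shows 'edit'

// Use for FAQ_ID and CATEGORY_ID: only canonical positive decimal integers pass.
function positiveInt(mixed $raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// "action" selects a code path, so compare it to a fixed list; it never reaches SQL.
function allowedAction(mixed $raw): ?string
{
    return is_string($raw) && in_array($raw, ALLOWED_ACTIONS, true) ? $raw : null;
}

// The ID is bound as a typed parameter and never concatenated into the statement.
function fetchFaq(PDO $db, int $faqId): ?array
{
    $stmt = $db->prepare('SELECT id, category_id, question FROM faq WHERE id = :id');
    $stmt->bindValue(':id', $faqId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE faq (id INTEGER PRIMARY KEY, category_id INTEGER, question TEXT)');
$db->exec("INSERT INTO faq VALUES (1, 10, 'How do I register?')");

// Constructed request values: one well-formed, two malformed.
$requests = [
    ['action' => 'edit', 'FAQ_ID' => '1'],
    ['action' => 'edit', 'FAQ_ID' => '1 extra text'],
    ['action' => 'unknown', 'FAQ_ID' => '1'],
];
foreach ($requests as $get) {
    $action = allowedAction($get['action'] ?? null);
    $faqId  = positiveInt($get['FAQ_ID'] ?? null);
    if ($action === null || $faqId === null) {
        echo "rejected\n"; // a real handler would answer HTTP 400 here
        continue;
    }
    echo $action, ': ', json_encode(fetchFaq($db, $faqId)), "\n";
}
```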

Copyright (c) 2006 Pridels Sec Crew