by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

K-Search Multiple vuln.

K-Search Multiple vuln.
Vuln. dicovered by : r0t
Date: 28 nov. 2005
Vendor:http://turn-k.net/k-search
affected version:1.0 and prior

Product Description:

K-Search is very fast and highly customizable meta-search engine. It queries Google, AltaVista, MSN, Inktomi, FAST, Teoma, LookSmart and dmoz simultaneously and uses effective algorithm to determine the finest results. The script contains a built-in PPC (Pay Per Click) system that allows sponsors to place their paid results for specified keywords (payment integration with PayPal and 2CheckOut). Search results can be cached in database to speed up popular searches. Search queries are logged to offer search suggestions. Advanced search. User search preferences. Multilanguage ready - can be translated through language file.

Vuln. description:

1.
Input passed to the "term" parameter in "index.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:
/index.php?term=%23%25%23term%23%25%23&sm
=Mekl%E7t&source=1&req=search

/index.php?term=%28%27r0t+checker%27%29&sm
=Mekl%E7t&source=1&req=search

2.
Input passed to the many parameters in "index.php" isn't properly sanitised before being used in a SQL query (Below examples).This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:
/index.php?req=edit&id=[SQL]
/index.php?req=view&act=stat_all&stat=[SQL]
/index.php?req=view&act=status&id=1&stat=[SQL]
/index.php?req=view&act=status&id=[SQL]
/index.php?req=delsite&id=[SQL]
/index.php?req=search&source=[SQL]

3.
Into "/index.php?req=add" , upload image parameters isn't properly sanitised before being used in a SQL query. Attacker can get full instalisation path.

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew