by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

Omnistar KBase SQL inj, vuln.

Omnistar KBase SQL inj, vuln.
Vuln. dicovered by : r0t
Date: 28 nov. 2005
Vendor:http://www.omnistarkbase.com/
affected version:4.0 and prior

Product Description:
Omnistar KBase is a dynamic knowledgebase management system that allows you to create a repository of searchable and useful information for your web site visitors. It comes feature packed with many dynamic functions such as an optional FAQ section, a customizable user interface, a user feedback section a built in glossary feature for word definitions and much more! It can be easily installed in minutes on any Linux server or hosted on our servers through our hosted option.

Vuln. description:
Input passed to the "article_id" parameter in "comments.php" and "category_id" "id" in "kb.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:
/users/comments.php?article_id=[SQL]
/users/kb.php?category_id=[SQL]
/users/kb.php?id=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew