by r0t,der4444,cembo,VietMafia

Tuesday, November 29, 2005

Orca Ringmaker SQL inj. vuln

Orca Ringmaker SQL inj. vuln.
Vuln. dicovered by : r0t
Date: 29 nov. 2005
Vendor:http://www.greywyvern.com/orca#ring
affected version: 2.3c and prior

Product Description:
The Orca Ringmaker allows you to host a full-featured webring on your site using PHP and MySQL. Many intuitive options and controls allow you to easily setup your ring just the way you want.

Vuln Description:
Input passed to the "start" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/ringmaker?start=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

1 Comments:

Anonymous GreyWyvern told...

Vendor patch 2.3d
http://www.greywyvern.com/orca#ring

11:28 PM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew