by r0t,der4444,cembo,VietMafia

Tuesday, November 29, 2005

Orca Ringmaker SQL inj. vuln

Vuln. discovered by: r0t
Date: 29 nov. 2005
affected version: 2.3c and prior

Product Description:
The Orca Ringmaker allows you to host a full-featured webring on your site using PHP and MySQL. Many intuitive options and controls allow you to easily set up your ring just the way you want.

Vuln Description:
Input passed to the "start" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Solution:
Edit the source code to ensure that input is properly sanitised.
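
One way to apply that fix, as an added example that is not Orca Ringmaker's code or the vendor's patch: it assumes "start" is a numeric paging offset, uses a hypothetical `ring_sites` table and helper names, and runs against in-memory SQLite in place of MySQL.

```php
<?php
// Added example: not Orca Ringmaker code. Table, column and function names are
// hypothetical; in-memory SQLite stands in for MySQL so the script runs offline.

// Vulnerable pattern the advisory describes (shown for contrast, never executed here):
//   $sql = "SELECT id, title FROM ring_sites ORDER BY id LIMIT 10 OFFSET " . $_GET['start'];

const PAGE_SIZE = 10;
const MAX_START = 100000; // assumed upper bound for a paging offset

/** Return $raw as a bounded non-negative integer, or null if it is anything else. */
function parse_start($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 6) {
        return null; // rejects arrays, signs, whitespace, trailing text, empty string
    }
    $n = (int) $raw;
    return $n <= MAX_START ? $n : null;
}

/** Fetch one page of sites; the offset reaches the query only as a bound integer. */
function fetch_page(PDO $db, int $start): array
{
    $stmt = $db->prepare('SELECT id, title FROM ring_sites ORDER BY id LIMIT :size OFFSET :start');
    // PARAM_INT matters: a string-bound LIMIT/OFFSET is quoted by PDO's emulated prepares on MySQL.
    $stmt->bindValue(':size', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ring_sites (id INTEGER PRIMARY KEY, title TEXT)');
$ins = $db->prepare('INSERT INTO ring_sites (title) VALUES (?)');
for ($i = 1; $i <= 25; $i++) {
    $ins->execute(["Site $i"]); // constructed sample rows
}

// Constructed sample inputs standing in for $_GET['start'].
foreach (['20', '0', '-1', '5 extra text', '', ['20']] as $raw) {
    $start = parse_start($raw);
    $label = is_array($raw) ? 'array' : "'$raw'";
    if ($start === null) {
        echo "start=$label rejected\n";
        continue;
    }
    echo "start=$label accepted, rows returned: " . count(fetch_page($db, $start)) . "\n";
}
```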


Anonymous GreyWyvern told...

Vendor patch 2.3d

11:28 PM



Copyright (c) 2006 Pridels Sec Crew