by r0t, der4444, cembo, VietMafia

Monday, November 28, 2005

Softbiz Resource Repository Script SQL vuln.

Vuln. discovered by: r0t
Date: 28 Nov. 2005
Vendor: www.softbizscripts.com/resource-repository-script-features.php
Affected version: 1.1 and prior


Product Description:
Softbiz Resource Repository Script is an Extensive and Powerful script written in PHP. It is a quick way to start your own top quality resource repository site like hotscripts.com, resourceindex.com etc. FULLY customizable colors and graphics of the site make this script VERY SPECIAL. It has potential to generate very heavy revenues for you. Script is built with focus on increase ease of users and profits of webmasters.


Vuln. description:
Input passed to the "sbres_id" parameter in "details_res.php", "refer_friend.php" and "report_link.php", and to the "sbcat_id" parameter in "showcats.php", isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

/details_res.php?sbres_id=[SQL]
/showcats.php?sbcat_id=[SQL]
/refer_friend.php?sbres_id=1[SQL]
/report_link.php?sbres_id=1[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
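
One way to apply this fix, shown as an added example that is not the vendor's code or part of the original advisory: validate "sbres_id" (the same applies to "sbcat_id") as a positive integer and pass it to the query as a bound parameter. The table and column names, the helper function names and the SQLite demo database are assumptions, since the advisory does not show the script's schema.

```php
<?php
// Added example: table/column names (sbres_resources, id, title) and the
// helper names are hypothetical; the advisory does not show the real schema.

/**
 * Return the named request parameter as a positive integer, or null if it
 * is missing or anything other than a plain decimal integer.
 */
function positive_int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as ?sbres_id[]=1
    }
    $id = filter_var($query[$name], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one resource with a bound parameter instead of string concatenation. */
function find_resource(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM sbres_resources WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sbres_resources (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO sbres_resources (id, title) VALUES (1, 'Sample resource')");

// Constructed request values: valid ids and malformed ones that must be rejected.
$samples = ['1', '2', '1 abc', "1'", '', '-5', '1.0'];
foreach ($samples as $raw) {
    $id = positive_int_param(['sbres_id' => $raw], 'sbres_id');
    if ($id === null) {
        printf("%-8s -> rejected (respond with HTTP 400)\n", var_export($raw, true));
        continue;
    }
    $row = find_resource($db, $id);
    printf("%-8s -> %s\n", var_export($raw, true), $row ? $row['title'] : 'not found');
}
```

In the real script, pass $_GET to positive_int_param() at the top of each affected page and stop processing when it returns null.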

Copyright (c) 2006 Pridels Sec Crew