by r0t,der4444,cembo,VietMafia

Tuesday, November 29, 2005

Survey System 1.1 SQL inj. vuln.

Vuln. discovered by: r0t
Date: 29 Nov. 2005
Vendor: http://ilyav.net/?q=node/22
Affected version: 1.1 and prior

Product Description:
This extremely detailed Survey application has been developed as a senior project in the CIS program at UNF under Dr. Solano. It was developed for the Advising Department but to this day has not been implemented on their website due to lack of funds.
With Dr. Solano’s and my coauthors’ permission I am making this program available under the GPL license. The Survey system requires MySQL and PHP to run.

Vuln. description:
Input passed to the "SURVEY_ID" parameter in "survey.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/survey.php?SURVEY_ID=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
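
One way to apply that fix to the "SURVEY_ID" parameter, shown as an added example and not code from Survey System or from the advisory's author: validate the value against an integer allow-list, then bind it in a prepared statement. The table and column names are assumptions (the page does not show the schema), and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the advisory does not show the application's tables.
// An in-memory SQLite database stands in for MySQL so this runs offline.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE surveys (survey_id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO surveys VALUES (1, 'Advising feedback'), (2, 'Course evaluation')");
    return $pdo;
}

// Allow-list validation: SURVEY_ID must be a positive decimal integer.
function parse_survey_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects arrays (SURVEY_ID[]=1) and a missing parameter
    }
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    return preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) === 1 ? (int) $raw : null;
}

// Parameterized lookup: the value is bound, never concatenated into the SQL text.
function find_survey(PDO $pdo, int $surveyId): ?array
{
    $stmt = $pdo->prepare('SELECT survey_id, title FROM surveys WHERE survey_id = :id');
    $stmt->bindValue(':id', $surveyId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
// Constructed request values, as they would arrive in $_GET['SURVEY_ID'].
foreach (['2', '2 OR 1=1', "2'", '', ['2']] as $raw) {
    $id = parse_survey_id($raw);
    if ($id === null) {
        echo json_encode($raw), " => rejected (answer with HTTP 400 in the real handler)\n";
        continue;
    }
    $row = find_survey($pdo, $id);
    echo json_encode($raw), ' => ', $row === null ? 'not found' : $row['title'], "\n";
}
```

Validation and binding are kept as separate layers on purpose: the prepared statement alone prevents the injection, while the allow-list keeps malformed identifiers out of logs and downstream code.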

Copyright (c) 2006 Pridels Sec Crew