by r0t,der4444,cembo,VietMafia

Friday, November 25, 2005

Systems Panel v1.0.x Multiple SQL inj.

Systems Panel v1.0.x Multiple SQL inj.
Vuln. dicovered by : r0t
Date: 25 nov. 2005
Vendor:www.sysbotz.com
Product link:http://www.sysbotz.com/products/systemspanel/index.htm
affected vesion: 1.0.6 and prior


Vuln. Description:
Input passed to the "cid" parameter in "knowledgebase/index.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "aid" parameter in "knowledgebase/view.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "cid" parameter in "contact/update.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "letter" parameter in "links/index.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "mid" parameter in "messageboard/view.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "tid" parameter in "tickets/view.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:
/systemspanel/knowledgebase/index.php?cid=[SQL]
/systemspanel/knowledgebase/view.php?aid=[SQL]
/systemspanel/contact/update.php?cid=[SQL]
/systemspanel/links/index.php?letter=A[SQL]
/systemspanel/messageboard/view.php?mid=[SQL]
/systemspanel/tickets/view.php?tid=[SQL]

Solution:

Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew