by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

Top Auction Multiple SQL Vuln.

Vuln. discovered by: r0t
Date: 23 Nov. 2005
Vendor: http://www.phplabs.com/
Product link: http://www.phplabs.com/scripts.php?script=Top%20Auction
Affected version: Top Auction

Vuln. Description:
1. viewcat.php
Input passed to the "category" and "type" parameters in "viewcat.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

/viewcat.php?category=[SQL]
/viewcat.php?category=3&type=[SQL]

2. search.php
Top Auction "search.php" contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search feature not properly sanitising user-supplied input.
This may allow an attacker to inject or manipulate SQL queries in the backend database. Additionally, if a failed query is performed, the program discloses the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.
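The solution line above is terse, so here is an added illustration of what it means in practice. This is not Top Auction's own code (the product source is not shown here) but a hypothetical `viewcat.php`-style handler: the vulnerable pattern the advisory describes, beside a hardened version that validates `category` as an integer, restricts `type` to a whitelist, binds both through a prepared statement, and logs driver errors instead of echoing them so a failed query no longer reveals the installation path. The `items` table, its columns and the `ALLOWED_TYPES` list are assumed.

```php
<?php
// Added illustration, not the Top Auction source. Assumed schema:
// table `items` with columns `category` (int) and `type` (varchar).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // driver errors become exceptions
ini_set('display_errors', '0');                            // PHP warnings (with file paths) stay out of the response

// --- Vulnerable pattern (the behaviour described in the advisory) ---
// category and type are dropped straight into the SQL string, so
// /viewcat.php?category=3&type=[SQL] rewrites the query. When the query
// fails, the raw error text plus PHP's own warning output disclose the
// script's absolute path.
function viewcat_vulnerable(mysqli $db, array $get): mysqli_result|false
{
    $category = $get['category'];
    $type     = $get['type'];
    $sql = "SELECT * FROM items WHERE category = $category AND type = '$type'";
    return $db->query($sql);   // attacker-controlled SQL text reaches the server
}

// --- Hardened pattern ---
// 1. category is numeric by design: validate it as a positive integer.
// 2. type comes from a fixed set of known values: reject anything else.
// 3. Use a prepared statement so parameter values are never parsed as SQL.
// 4. Log driver errors server-side; the user gets a generic message, no path.
const ALLOWED_TYPES = ['open', 'closed', 'featured']; // assumed set of valid types

function viewcat_hardened(mysqli $db, array $get): ?mysqli_result
{
    $category = filter_var($get['category'] ?? '', FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    $type     = $get['type'] ?? '';
    if ($category === false || !in_array($type, ALLOWED_TYPES, true)) {
        http_response_code(400);   // bad input is refused before any SQL is built
        return null;
    }
    try {
        $stmt = $db->prepare('SELECT * FROM items WHERE category = ? AND type = ?');
        $stmt->bind_param('is', $category, $type);   // values bound, not concatenated
        $stmt->execute();
        return $stmt->get_result();
    } catch (mysqli_sql_exception $e) {
        error_log('viewcat query failed: ' . $e->getMessage()); // detail stays in the server log
        http_response_code(500);
        echo 'Temporary error.';   // nothing about the query or the file system
        return null;
    }
}
```

The same two changes, binding parameters and never echoing database errors, apply to the `search.php` query the advisory also flags.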

Copyright (c) 2006 Pridels Sec Crew