by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

Ugroup 2.6.2 SQL inj. vuln.

Ugroup 2.6.2 SQL inj. vuln.
Vuln. dicovered by : r0t
Date: 28 nov. 2005
Vendor:http://www.realsoftstudio.com/Ugroup/
affected version:2.6.2 and prior


Product Description:

A Software discussion platform written in PHP & Mysql
Ugroup is a Discussion Board application developed in PHP and uses MySQL as a database server.With Ugroup, users will be able to post question, comments and ideas on to different discussion groups on your web site.An Administrator will be able to create the custom discussion group and assign users. Among some of the new features in this edition:Includes the ability to approve or disqualify a message.Create your own private discussion area, where only the selected users will be able to post/view the messages.Read only discussion, where you and the selected users will be able to post articles and messages, but all would be able to only read


Vuln. description:

Input passed to the "FORUM_ID" parameter in "forum.php" and " CAT_ID", "FORUM_ID","TOPIC_ID" in "topic.php" , isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/forum.php?FORUM_ID=[SQL]
/topic.php?CAT_ID=1&FORUM_ID=1&TOPIC_ID=[SQL]
/topic.php?CAT_ID=1&FORUM_ID=[SQL]
/topic.php?CAT_ID=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew