by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

Web Host Directory Script Multiple vuln.

Softbiz Web Host Directory Script Multiple vuln.
Vuln. dicovered by : r0t
Date: 23 nov. 2005
Vendor:www.softbizscripts.com
Product link:http://www.softbizscripts.com/web-hosting-directory-script.php
affected version:1.1 and prior

Product Description:

Softbiz Web Host Directory Script is an advanced PHP script to run your own web host comparison site. Since companies in web hosting industry offer very high volumes of affiliate commissions, hence this script has a great potential to generate very heavy revenues for you.FULLY customizable colors and graphics of the site make this script VERY SPECIAL.


Vuln Description:

1. Multiple SQL vuln.

Input passed to the "cid" parameter in "search_result.php" and "browsecats.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "sbres_id" parameter in "review.php" isn't properly sanitised before being used in a SQL query.
Input passed to the "h_id" parameter in "email.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


/search_result.php?cid=[SQL]
/review.php?sbres_id=[SQL]
/browsecats.php?cid=[SQL]
/email.php?&h_id=[SQL]

2. SQL in search module

Softbiz Web Hosting Directory Script search engine contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search feature not properly sanitizing user-supplied input.
This may allow an attacker to inject or manipulate SQL queries in the backend database.Additionally, if a failed query is performed, the program will disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew