by r0t, der4444, cembo, VietMafia

Monday, November 28, 2005

Zainu 2.x SQL inj. vuln.

Vuln. discovered by: r0t
Date: 28 Nov. 2005
Vendor: http://www.zainu.com
Affected version: 2.x and prior


Product Description:

Zainu lets you create and maintain a professional music videos website; simply the best software for excellent websites! It uses a database to store videos and songs. Zainu can add/remove songs to a playlist, mail a song, search by artist/albums/songs, offer a download option for songs, add/approve/delete lyrics, rate songs and albums, view how many times songs were played, buy a song or buy an album, and multiple songs can be added at once from the admin control panel! It supports all audio formats: ram/rpm/rm/wav/mp3/wma/asf... You and your users can create unlimited playlists and save your favorite songs to any of your created playlists. You can show top songs, top albums, top artists, top genres, top songs by genres, members' playlists, view 5 new searches, play selected, play all, playlist creator, embedded player with songs/album/artist information with album/artist covers! Your users can upload multiple songs, artist/albums gallery! Completely automatic update music videos system. New version features shopping cart, artist/album gallery!


Vuln. description:
Input passed to the "term" and "start" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.



example:
/index.php?in=song&term=[SQL]&action=search&start=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
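As an added illustration (not Zainu's own source code), the pattern the advisory describes, a search page reading "term" and "start" from the URL and feeding them into a query, is shown in its vulnerable form beside a hardened form that uses mysqli prepared statements; the table and column names (songs, id, title, artist) are assumptions.

```php
<?php
// Added illustration, not Zainu's source: table and column names
// (songs, id, title, artist) and the page size of 20 are assumptions.

// Vulnerable form: both parameters are interpolated directly into SQL.
function search_songs_vulnerable(mysqli $db, array $get): array {
    $term  = $get['term'] ?? '';
    $start = $get['start'] ?? '0';
    // A quote in $term, or anything other than a number in $start,
    // changes the structure of the statement the database executes.
    $sql = "SELECT id, title, artist FROM songs "
         . "WHERE title LIKE '%$term%' ORDER BY title LIMIT $start, 20";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// Hardened form: the search term is bound as a parameter, so the
// database never parses it as SQL, and the offset is validated as a
// non-negative integer before it reaches the LIMIT clause.
function search_songs_hardened(mysqli $db, array $get): array {
    $term  = (string)($get['term'] ?? '');
    $start = filter_var($get['start'] ?? 0, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0, 'default' => 0]]);
    if ($term === '' || strlen($term) > 100) {
        return [];   // reject empty or oversized search terms
    }
    // Escape LIKE wildcards so a user cannot widen the match with % or _
    // (MySQL's default LIKE escape character is the backslash).
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt = $db->prepare(
        "SELECT id, title, artist FROM songs "
        . "WHERE title LIKE ? ORDER BY title LIMIT ?, 20"
    );
    $stmt->bind_param('si', $pattern, $start);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}
```

The hardened function also rejects an over-long term, which bounds what reaches the database even when the query itself is safe; get_result() and fetch_all() require the mysqlnd driver.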

Copyright (c) 2006 Pridels Sec Crew