by r0t,der4444,cembo,VietMafia

Thursday, December 01, 2005

Lore SQL inj. vuln.

Lore SQL inj. vuln.

Vuln. dicovered by : r0t
Date: 1 dec. 2005
Vendor:http://www.pineappletechnologies.com/products/lore/
affected version: Tested on 1.5.4

Product Description:
Lore is a professional knowledge base management system powered by PHP and MySQL.
Lore allows you to quickly and easily organize frequently asked questions, articles, and documentation into a categorized and searchable knowledge base.

Vuln. description:
Input passed to the "id" parameter in "article.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/article.php?id=1[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew