by r0t,der4444,cembo,VietMafia

Sunday, December 18, 2005

ODFaq SQL inj. vuln.

Vuln. discovered by : r0t
Date: 18 dec. 2005
affected version: 2.1.0 and prior

Product Description:

PHP application that allows you to manage frequently asked questions. You can create/edit/delete entries using user-friendly web based interface.

Vuln. Description:

ODFaq contains a flaw that allows remote SQL injection attacks. Input passed to the "cat" and "srcText" parameters of "faq.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:

Edit the source code to ensure that input is properly sanitised.
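To make the "not properly sanitised" defect and its fix concrete, here is an added illustration written for this post; it is not ODFaq's own code. It assumes a hypothetical faq.php-style handler, a table named faq with columns id, cat_id, question and answer, and that "cat" is a numeric category id while "srcText" is a free-text search string. The first function shows the unsafe pattern (request values spliced straight into the statement text); the second shows the hardened form using type validation and mysqli prepared statements.

```php
<?php
// Added example, not code from ODFaq. Table/column names and the meaning of
// the "cat" and "srcText" parameters are assumptions for illustration.

// --- Unsafe pattern: request values are concatenated into the SQL string.
// Whatever the client sends for "cat" or "srcText" becomes part of the
// statement itself, which is exactly the class of flaw described above.
function build_query_unsafe(array $get): string
{
    $cat     = $get['cat']     ?? '';
    $srcText = $get['srcText'] ?? '';
    return "SELECT id, question, answer FROM faq "
         . "WHERE cat_id = $cat AND question LIKE '%$srcText%'";
}

// --- Hardened pattern: validate the type of each input and bind values as
// parameters so the database never interprets them as SQL.
function find_faq_entries(mysqli $db, array $get): array
{
    // "cat" is an identifier: accept only a non-negative integer.
    $cat = filter_var(
        $get['cat'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    if ($cat === false) {
        return []; // reject the request (or fall back to a default category)
    }

    // "srcText" is free text: bound as a parameter below, so it cannot change
    // the statement. Escape LIKE metacharacters too, so '%' and '_' typed by
    // the user are matched literally instead of acting as wildcards
    // (MySQL's default LIKE escape character is the backslash).
    $srcText = (string)($get['srcText'] ?? '');
    if (mb_strlen($srcText) > 200) {
        $srcText = mb_substr($srcText, 0, 200); // cap pathological input
    }
    $pattern = '%' . addcslashes($srcText, '%_\\') . '%';

    $stmt = $db->prepare(
        'SELECT id, question, answer FROM faq WHERE cat_id = ? AND question LIKE ?'
    );
    $stmt->bind_param('is', $cat, $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
    $stmt->close();
    return $rows;
}

// Usage (constructed example; credentials and database name are placeholders):
// $db = new mysqli('localhost', 'faq_user', 'faq_password', 'faqdb');
// $db->set_charset('utf8mb4');
// $rows = find_faq_entries($db, $_GET);
```

The design point is that sanitising means two things here: constraining the type of "cat" before it reaches the query, and keeping "srcText" out of the statement text entirely by binding it. Escaping with mysqli_real_escape_string() was the common 2005-era alternative, but it is easy to forget on one code path, whereas a prepared statement cannot be bypassed by the value's contents.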
PS. greetings to OSVDB bloggers :)


Copyright (c) 2006 Pridels Sec Crew