by r0t,der4444,cembo,VietMafia

Saturday, December 03, 2005

phpYellowTM Pro Edition SQL inj. vuln.

phpYellowTM Pro Edition SQL inj. vuln.
Vuln. discovered by: r0t
Date: 3 Dec. 2005
Vendor: http://phpyellow.com/
Affected versions: phpYellowTM Pro Edition 5.33 and phpYellowTM Lite Edition 5.33

Product Description:

Profit from web yellow pages. Brandable interface. Recurring revenue potential. Easily create web yellow pages. phpYellow Pro EditionTM is the software of choice for making and managing web yellow pages. Secure. Stealth EmailTM protects 100% of listing email addresses. Member & Webmaster login. Online demo. PHP/MySQL open source, no encryption, has source code comments. Flexible and varied searches include Search by Map, Keyword, Smart BrowseTM, HyperSearchTM, Find Needle in Haystack, State Search, Category and City Search, Sub-index. Search and public display template is customizable with PHP programming skills. Free, paid and renamable listing types. Set your own prices. Paypal gateway included. Customization and installation is also available for an additional fee. This is the ORIGINAL phpYellow Pages. Try our online demo or download the free Lite Edition. See how easy it is to start your own online business directory - with revenue potential.

Vuln. Description:

Input passed to the "haystack" parameter in "search_result.php" and to the "ckey" parameter in "print_me.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Example:
/search_result.php?search=url&haystack=[SQL]
/print_me.php?ckey=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
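To make the solution concrete, here is an added example written for this page; it is not phpYellow's own code. Only the parameter names "haystack" and "ckey" come from the advisory; the table and column names (`listings`, `id`, `name`, `description`, `body`) and the assumption that "ckey" is a numeric listing id are mine. It shows the string-concatenation pattern that produces this class of bug next to a hardened version using mysqli prepared statements:

```php
<?php
// Added illustration, not phpYellow's code. Table/column names and the
// meaning of "ckey" are assumptions made for the example.

// Vulnerable pattern: the request value is pasted straight into the SQL
// text, so whatever it contains becomes part of the query syntax.
function find_listings_unsafe(mysqli $db, string $haystack): array {
    $sql = "SELECT id, name FROM listings WHERE description LIKE '%" . $haystack . "%'";
    $result = $db->query($sql);          // whole string is parsed as SQL
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}

// Hardened version: a prepared statement keeps the SQL text fixed and
// sends the value separately, so $haystack can only ever be a string
// operand, never additional query syntax.
function find_listings(mysqli $db, string $haystack): array {
    $stmt = $db->prepare("SELECT id, name FROM listings WHERE description LIKE ?");
    $pattern = '%' . $haystack . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// "ckey" is assumed here to be a numeric listing id: validate the shape
// of the input first, then bind it as an integer rather than trying to
// clean up an arbitrary string.
function print_listing(mysqli $db, string $ckey): ?array {
    if (!ctype_digit($ckey)) {
        return null;                     // reject rather than "sanitise"
    }
    $id = (int) $ckey;
    $stmt = $db->prepare("SELECT id, name, body FROM listings WHERE id = ?");
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

// Assumed wiring to the request parameters named in the advisory:
// $db       = new mysqli('localhost', 'dbuser', 'dbpass', 'phpyellow');
// $listings = find_listings($db, $_GET['haystack'] ?? '');
// $listing  = print_listing($db, $_GET['ckey'] ?? '');
```

Two points worth noting: in the LIKE query, `%` and `_` typed by the user still act as wildcards after binding, which is a search-behaviour question rather than an injection one (escape them with a backslash and add `ESCAPE '\\'` if exact matching matters); and for the id parameter, rejecting anything that is not all digits is simpler and safer than escaping, because there is no legitimate input the check would wrongly refuse.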

2 Comments:

Anonymous Anonymous told...

fwfwffwef

3:09 AM

Anonymous web site hosting cgi free told...

Hey, just a quick hello from someone in Central America.
web site hosting cgi free
Charles

4:47 AM

Copyright (c) 2006 Pridels Sec Crew