by r0t,der4444,cembo,VietMafia

Monday, April 10, 2006

Papoo Multiple SQL vuln.

###############################################
Vuln. discovered by: r0t
Date: 10 April 2006
Vendor: http://www.papoo.de/
Affected versions: 2.1.5 & 3 beta1 and previous
###############################################

Vuln. description:

Papoo contains a flaw that allows remote SQL injection attacks. Input passed to the "getlang" and "reporeid" parameters in "index.php", to the "msgid" and "menuid" parameters in "forumthread.php", and to the "menuid" parameter in "plugin.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


examples:

/index.php?getlang=[SQL]
/plugin.php?menuid=[SQL]
/index.php?menuid=&reporeid=[SQL]
/forumthread.php?forumid=1&menuid=1&rootid=9895&msgid=[SQL]
/forumthread.php?forumid=1&menuid=[SQL]




###############################################

Additional info: I discovered and reported some SQL vulns in Papoo 2.1.2 @ 21 December 2005, and nothing was fixed.
Then Dj_Eyes, Crouz Security Team, discovered a similar vuln. It was in version 2.1.4 @ 2006-02-09.

So, I didn't check if old reported bugs are fixed, just saw that "menuid" is still a good one :)

So, GreetZ to Vendors!

Here are the refs:

http://pridels.blogspot.com/2005/12/papoo-multiple-sql-vuln.html
http://secunia.com/advisories/18152/

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
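
One way to apply the fix above, as an added example that is not Papoo's code or the advisory author's: strict validation of the listed parameters plus a bound-parameter query. It assumes "menuid", "msgid" and "reporeid" are positive integer ids and "getlang" is a short language code; the table, column and function names and the PDO/SQLite setup are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not Papoo code. Assumed: id parameters are positive integers,
// getlang is a language code; forum_messages and its columns are hypothetical.
const ALLOWED_LANGS = ['de', 'en'];   // hypothetical allow-list for "getlang"

/** Return the parameter as a positive int, or null if absent or malformed. */
function int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $v = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

/** Return the language code only if it is on the allow-list. */
function lang_param(array $query, string $default = 'de'): string
{
    $v = $query['getlang'] ?? $default;
    return is_string($v) && in_array($v, ALLOWED_LANGS, true) ? $v : $default;
}

/** Look up a forum message; request values are bound, never concatenated. */
function fetch_message(PDO $db, array $query): ?array
{
    $msgid  = int_param($query, 'msgid');
    $menuid = int_param($query, 'menuid');
    if ($msgid === null || $menuid === null) {
        return null;   // reject malformed ids instead of trying to clean them
    }
    $stmt = $db->prepare('SELECT msgid, title FROM forum_messages
                          WHERE msgid = :msgid AND menuid = :menuid');
    $stmt->bindValue(':msgid', $msgid, PDO::PARAM_INT);
    $stmt->bindValue(':menuid', $menuid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_messages (msgid INTEGER, menuid INTEGER, title TEXT)');
$db->exec("INSERT INTO forum_messages VALUES (9895, 1, 'hello')");
var_dump(fetch_message($db, ['msgid' => '9895', 'menuid' => '1']));      // well-formed
var_dump(fetch_message($db, ['msgid' => '9895 OR 1=1', 'menuid' => '1'])); // malformed id
var_dump(lang_param(['getlang' => "en'"]));                               // not on allow-list
```

The same `int_param` check applies to "reporeid" in "index.php" and "menuid" in "plugin.php"; validation narrows what reaches the query, while the bound parameters are what keep request data out of the SQL text.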
More information @ unsecured-systems.com/forum/

1 Comments:

Anonymous Anonymous told...

:)))=) lamerz of indonesia

http://security.nnov.ru/Mdocument233.html

8:43 AM

Copyright (c) 2006 Pridels Sec Crew