by r0t,der4444,cembo,VietMafia

Monday, May 08, 2006

Creative Community Portal vuln.

###############################################
Vuln. discovered by: r0t (Pridels Sec Crew)
Date: 8 May 2006
Vendor: www.creative-software.co.uk/community2.html
Affected versions: 1.1 and prior
###############################################


Vuln. Description:


Creative Community Portal contains multiple flaws that allow remote SQL injection attacks. Input passed to the following parameters isn't properly sanitised before being used in a SQL query: the "forum_id" parameter in "DiscView.php" and "Discussions.php"; the "article_id" parameter in "ArticleView.php"; the "event_id" parameter in "EventView.php"; the "answer_id" and "AddVote" parameters in "PollResults.php"; and the "mid" parameter in "DiscReply.php".
Input passed to the "prod_id" parameter in "cart.php" and "product_info.php" is likewise not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Examples:

/ArticleView.php?article_id=[SQL]
/DiscView.php?mid=144&forum_id=[SQL]
/Discussions.php?forum_id=[SQL]
/EventView.php?event_id=[SQL]
/PollResults.php?answer_id=32&AddVote=[SQL]
/PollResults.php?answer_id=[SQL]
/DiscReply.php?forum_id=1&mid=[SQL]


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
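
One way to apply this fix to a numeric ID parameter such as "article_id", shown as an added example that is not part of the original advisory and is not the vendor's code. The table, columns and function names are hypothetical, and an in-memory SQLite database stands in for the application's own database.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate an ID taken from the query string.
// Returns a positive integer, or null if the value is not a plain integer.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {   // rejects arrays (?article_id[]=1) and missing values
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical lookup: the ID is bound as a typed parameter, so the driver
// never parses it as SQL text, even if validation were skipped by a caller.
function find_article(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (not the portal's real schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'Welcome'), (2, 'Rules')");

// Constructed inputs standing in for $_GET['article_id'].
$samples = ['2', '99', '2abc', "1'", '', ['1'], '-5'];
foreach ($samples as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        // Anything that is not a positive integer is refused before any query runs.
        echo json_encode($raw), " => rejected (respond with HTTP 400)\n";
        continue;
    }
    $row = find_article($db, $id);
    echo json_encode($raw), ' => ', $row === null ? 'not found' : $row['title'], "\n";
}
```

The same pattern applies to the other integer parameters listed above ("forum_id", "event_id", "answer_id", "mid", "prod_id"): validate the type first, then bind the value instead of concatenating it into the query string.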
More information @ unsecured-systems.com/forum/

Copyright (c) 2006 Pridels Sec Crew