XOOPS WebChat Module Input Validation Flaw Lets Remote Users Inject and Execute SQL Commands on the Underlying Database Server
Category: Vulnerability Posted: 2002-11-18 by ReCall
Details
Description: An input validation vulnerability was reported in the XOOPS WebChat Module. A remote user can execute SQL commands on the database server.
The software reportedly processes user-supplied input for the '$roomid' variable without properly filtering it. A remote user can supply a specially crafted value for that variable to execute SQL commands on the underlying SQL server.
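The pattern described above, as an added example that is not the WebChat module's code or the report author's patch: a query built by pasting `$roomid` into the SQL text, beside a version that validates the value as an integer and binds it as a parameter. The `chat_messages` table, its columns, the function names and the sample values are assumptions made for illustration; the script assumes PHP with the PDO SQLite driver.

```php
<?php
// Added illustration: table, column and function names are hypothetical,
// not taken from the XOOPS WebChat module.

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE chat_messages (roomid INTEGER, body TEXT)');
$db->exec("INSERT INTO chat_messages VALUES (1, 'hello room 1'), (2, 'private room 2')");

// Unfiltered pattern of the kind the advisory describes: the request value is
// pasted into the SQL text, so the value can change the statement's structure.
function messagesUnfiltered(PDO $db, string $roomid): array
{
    $sql = "SELECT body FROM chat_messages WHERE roomid = $roomid";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: accept only a positive integer, then bind it as a parameter so it
// is always treated as data and never as SQL.
function messagesFiltered(PDO $db, string $roomid): array
{
    $id = filter_var($roomid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('roomid must be a positive integer');
    }
    $stmt = $db->prepare('SELECT body FROM chat_messages WHERE roomid = :roomid');
    $stmt->bindValue(':roomid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id and a value that is not a plain integer.
foreach (['1', '1 OR 1=1'] as $roomid) {
    echo "roomid=[$roomid]\n";
    echo '  unfiltered rows: ' . count(messagesUnfiltered($db, $roomid)) . "\n";
    try {
        echo '  filtered rows:   ' . count(messagesFiltered($db, $roomid)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo '  filtered: rejected (' . $e->getMessage() . ")\n";
    }
}
```

With the second input the unfiltered function returns rows from both rooms, while the filtered function rejects the value before any query runs.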
Impact: A remote user can execute arbitrary SQL commands on the underlying SQL database server.
Solution: No solution was available at the time of this entry.
The author of the report has provided an unofficial patch, available in the Source Message and at: