Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| vbPortal 'auth.inc.php' Input Validation Flaw Lets Remote Users Inject |
|---|
Categorie: Vulnerability
Posted: 2003-09-16 by ReCall
Views: 415
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in vbPortal. A remote user can inject SQL commands to be executed by the underlying database server.
Frog-m@n reported that the 'auth.inc.php' script does not properly validate user-supplied input. A remote user can submit a specially crafted value for the 'admin' variable to cause user-specified SQL commands to be executed by the database server.
For example, a remote user can craft a request to execute the following SQL:
SELECT password as pwd FROM user WHERE username = '' OR 1=1 INTO OUTFILE '/complete/path/UserTable.txt'
This demonstration exploit will reportedly cause the passwords from the 'user' table to be written into a file ('UserTable.txt') that can then be downloaded via the web server [the commands are Base64 encoded]:
http://[target]/auth.inc.php?admin=JyBPUiAxP TEgSU5UTyBPVVRGSUxFICcvY29tcGxldGUvcGF0aC9Vc2VyVGFibGUudHh0OjE=
Impact: A remote user can cause SQL commands to be executed on the underlying database server.
Solution: No solution was available at the time of this entry.
An unofficial patch is available at:
http://www.phpsecure.info/
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=434
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
