|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SQL injections in PortailPHP
From: CENSORED (censored
mail.ru)
Date: Sat May 21 2005 - 18:09:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
svadvisory*5
-------------------------------------------------------------
Title: SQL injections in PortailPHP |
The program: PortailPHP v 1.3 |
Homepage: http://www.portailphp.com/ ------------
Has found: CENSORED | 14.05.05 |
-------------------------------------------------------------
The description
-------------------------------------------------------------|
Vulnerability has been found in parameter "id". If this variable
Any value it is possible to replace it with a sign ' is transferred
Since this parameter is involved in all modules, all of them
Are vulnerable.
It occurs because of absence of a filtration of parameter id.
Examples
-------------------------------------------------------------|
http://example/index.php?affiche=News&id='[SQL inj]
http://example/index.php?affiche=File&id='[SQL inj]
http://example/index.php?affiche=Liens&id='[SQL inj]
http://example/index.php?affiche=Faq&id='[SQL inj]
The conclusion
-------------------------------------------------------------|
Vulnerability is found out in version 1.3, on other versions
Did not check. Probably they too are vulnerable.
*************************************************************
CENSORED || Search Vulnerabilities Team || www.svt.nukleon.us
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]