|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA12738] PHPLinks SQL Injection and Arbitrary Local File Inclusion Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Oct 06 2004 - 08:07:36 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
PHPLinks SQL Injection and Arbitrary Local File Inclusion
Vulnerabilities
SECUNIA ADVISORY ID:
SA12738
VERIFY ADVISORY:
http://secunia.com/advisories/12738/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, Exposure of system information, Exposure of
sensitive information
WHERE:
From remote
SOFTWARE:
PHPLinks 2.x
http://secunia.com/product/4010/
DESCRIPTION:
LSS Security Team has discovered two vulnerabilities in PHPLinks,
which can be exploited by malicious people to conduct SQL injection
attacks and execute arbitrary local PHP scripts.
1) Input passed to the "ID" parameter is not properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
2) Input passed to the "show" parameter in "index.php" is not
properly verified, before it is used to include files. This can be
exploited to include arbitrary files from local resources and allows
execution of arbitrary local PHP code.
The vulnerabilities have been confirmed on version 2.1.3.1. Other
versions may also be affected.
SOLUTION:
1) Set "magic_quotes_gpc" to "On".
2) Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
LSS Security Team
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]