|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA21881] webSPELL Authentication Bypass and SQL Injection
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Sep 13 2006 - 09:17:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
webSPELL Authentication Bypass and SQL Injection
SECUNIA ADVISORY ID:
SA21881
VERIFY ADVISORY:
http://secunia.com/advisories/21881/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Manipulation of data, Exposure of sensitive
information
WHERE:
From remote
SOFTWARE:
webSPELL 4.x
http://secunia.com/product/8086/
DESCRIPTION:
Some vulnerabilities have been discovered in webSPELL, which can be
exploited to by malicious people to disclose certain sensitive
information and conduct SQL injection attacks.
1) An error exists in the authentication process, which can be
exploited to disclose the contents of the used database.
Example:
http://[host]/admin/database.php?action=write&userID=1
Successful exploitation requires that "register_globals" is enabled.
2) Input passed to the "squadID" parameter in squads.php is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
Example:
http://[host]/index.php?site=squads&action=show&squadID=[code]
Successful exploitation requires that "magic_quotes_gpc" is
disabled.
The vulnerabilities have been confirmed in version 4.01.01. Other
versions may also be affected.
SOLUTION:
Apply patches.
1) http://cms.webspell.org/index.php?site=files&file=15
2) http://cms.webspell.org/index.php?site=files&file=11
PROVIDED AND/OR DISCOVERED BY:
1) Trex
ORIGINAL ADVISORY:
1) http://milw0rm.com/exploits/2352
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]