 |
|
|
|
|
|
|
|
|
|
|||||||
 |
|
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
2004-12-10, 04:25 PM
|
#1 |
|
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
AutorankPHP Remote Exploit via SQL Injection
Software: AutorankPHP
Title: [FW-004] accounts.php remote login exploit via SQL Injection Summary: Ability to remotely log in and change account information with minimal information about accounts Description: Using a specially crafted username, one can log into a trade's account in AutorankPHP and change data including username, password, email account Impact: Traffic can be redirected to other urls, account information changed Workaround: Modify accounts.php and add $_POST['Username'] = mysql_real_escape_string($_POST['Username']); $_POST['Password'] = mysql_real_escape_string($_POST['Password']); after the <?php. This does not prevent other SQL injection attacks, but does prevent a malicious user from getting in without a password. References: http://firewall.com/advisories/autorankphp.html Risk Factor: Medium
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
|
|
2004-12-10, 08:56 PM
|
#2 |
|
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
http://secunia.com/advisories/10467/
Supposedly already found and fixed -- I guess that doesn't explain the extraordinarily high number of sites in google that are not patched (or a client that bought the software in March 2004 that was vulnerable)
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
|
|
|
|
|
Hybrid Mode
