Greenguy's Board - View Single Post - AutorankPHP Remote Exploit via SQL Injection

cd34 · 2004-12-10, 05:25 PM

Software: AutorankPHP

Title: [FW-004] accounts.php remote login exploit via SQL Injection

Summary: Ability to remotely log in and change account information with minimal information about accounts

Description: Using a specially crafted username, one can log into a trade's account in AutorankPHP and change data including username, password, email account

Impact: Traffic can be redirected to other urls, account information changed

Workaround: Modify accounts.php and add

$_POST['Username'] = mysql_real_escape_string($_POST['Username']);
$_POST['Password'] = mysql_real_escape_string($_POST['Password']);

after the <?php. This does not prevent other SQL injection attacks, but does prevent a malicious user from getting in without a password.

References:
http://firewall.com/advisories/autorankphp.html

Risk Factor: Medium

2004-12-10, 05:25 PM	#1
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	AutorankPHP Remote Exploit via SQL Injection Software: AutorankPHP Title: [FW-004] accounts.php remote login exploit via SQL Injection Summary: Ability to remotely log in and change account information with minimal information about accounts Description: Using a specially crafted username, one can log into a trade's account in AutorankPHP and change data including username, password, email account Impact: Traffic can be redirected to other urls, account information changed Workaround: Modify accounts.php and add $_POST['Username'] = mysql_real_escape_string($_POST['Username']); $_POST['Password'] = mysql_real_escape_string($_POST['Password']); after the <?php. This does not prevent other SQL injection attacks, but does prevent a malicious user from getting in without a password. References: http://firewall.com/advisories/autorankphp.html Risk Factor: Medium __________________ SnapReplay.com a different way to share photos - iPhone & Android