SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  NooTopList Vendors:  nootoplist.com
NooTopList Input Validation Holes Permit SQL Injection Attacks
SecurityTracker Alert ID:  1014931
SecurityTracker URL:  http://securitytracker.com/id?1014931
CVE Reference:  CVE-2005-3003   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Sep 19 2005
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Advisory:  SystemSecure.org
Version(s): 1.0.0 [FINAL] (rel: 17)
Description:  David Sopas Ferreira (SmOk3) reported a vulnerability in NooTopList. A remote user can inject SQL commands.

The 'index.php' script does not properly validate user-supplied input in the 'o' and 'sort' parameters. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:

/index.php?o='[SQL INJECTION]
/index.php?sort='[SQL INJECTION]

The original advisory is available at:

http://www.systemsecure.org/ssforum/viewtopic.php?t=249
Impact:  A remote user can execute SQL commands on the underlying database.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.nootoplist.com/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  "David" <david@systemsecure.org>
Message History:   None.

 Source Message Contents
Date:  Sat, 17 Sep 2005 20:23:09 +0100
From:  "David" <david@systemsecure.org>
Subject:  SS#13092005 NooToplist 1.0.0 SQL Injection

 
ORIGINAL: http://www.systemsecure.org/ssforum/viewtopic.php?t=249
 
Ref: SS#13092005
SYSTEMSECURE.ORG - Advisory/Exploit
 
* PUBLIC ADVISORY *
 
Software:
NooToplist 1.0.0 [FINAL] (rel: 17)
 
Link:
http://nootoplist.com/index.php
 
Attacks:
SQL Injection
 
Discovered by:
David Sopas Ferreira aka SmOk3
[david at systemsecure.org]
 
GoogleDork: "Powered by NooToplist 1.0.0"
 
 
-- ! Description !--
This PHP based TopList script is vulnerable to some SQL Injections. Impact An unauthenticated attacke
r may
execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of datab
ase
and expose sensitive information.
 
Affected file: index.php - variables $o and $sort
 
PoC:
/index.php?o='[SQL INJECTION]
/index.php?sort='[SQL INJECTION]
 
 
-- ! Solution !--
The script should filter metacharacters from user input.
 
 
 
<base64>Rm9y52EgUG9ydHVnYWw=</base64>
 
-EOF-


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC