SecurityTracker.com Archives - RateIt Input Validation Hole in 'rateit

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > RateIt

Vendors: absoft-my.com

RateIt Input Validation Hole in 'rateit_id' Parameter Permits SQL Injection

SecurityTracker Alert ID: 1015983

SecurityTracker URL: http://securitytracker.com/id?1015983

CVE Reference: CVE-2006-1798 (Links to External Site)

Date: Apr 24 2006

Impact: Disclosure of system information, Disclosure of user information, User access via network

Exploit Included: Yes

Version(s): 2.2

Description: A vulnerability was reported in RateIt. A remote user can inject SQL commands.

The 'rateit.php' script does not properly validate user-supplied input in the 'rateit_id' parameter. If magic_quotes_gpc is disabled, a remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

Aliaksandr Hartsuyeu discovered this vulnerability.

The original advisory is available at:

http://evuln.com/vulns/124/summary.html

A demonstration exploit is available at:

http://evuln.com/vulns/124/exploit.html

Impact: A remote user can execute SQL commands on the underlying database.

Solution: No solution was available at the time of this entry.

Vendor URL: absoft-my.com/ (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Reported By: alex@evuln.com

Message History: None.

Source Message Contents

Date: 24 Apr 2006 15:45:02 -0000
From: alex@evuln.com
Subject: [eVuln] RateIt SQL Injection Vulnerability

 
New eVuln Advisory:
RateIt SQL Injection Vulnerability
http://evuln.com/vulns/124/summary.html

--------------------Summary----------------
eVuln ID: EV0124
CVE: CVE-2006-1798
Software: RateIt
Sowtware's Web Site: http://www.absoft-my.com/
Versions: 2.2
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable script: rateit.php

Parameter $rateit_id is not properly sanitized before being used in SQL query. This can be used to ma
ke any SQL query by injecting
 arbitrary SQL code.

Condition: magic_quotes_gpc = off


--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/124/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2006, SecurityGlobal.net LLC