Land Down Under Input Validation Holes in 'users.php' and Other Scripts Let Remote Users Inject SQL Commands

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Forum/Board/Portal) > Land Down Under

Vendors: ldu.neocrome.net

Land Down Under Input Validation Holes in 'users.php' and Other Scripts Let Remote Users Inject SQL Commands

SecurityTracker Alert ID: 1012015

SecurityTracker URL: http://securitytracker.com/id/1012015

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Nov 1 2004

Impact: Disclosure of system information

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 701

Description: Some input validation vulnerabilities were reported in Land Down Under. A remote user can inject SQL commands and can determine the installation path.

Positive Technologies reported that 'users.php' does not properly validate user-supplied input in several variables. A remote user can inject SQL commands. The vendor reports that not all of the input validation flaws actually permit SQL injections.

Some demonstration exploit examples are provided:

/users.php?f=1&s=1'[sql code here]&w=asc&d=50
/users.php?f=1&s=name&w=1'[sql code here]&d=50
/users.php?f=1&s=name&w=asc&d=1'[sql code here]
/users.php?f=1&s=1'[sql code here]&w=asc
/users.php?f=1&s=name&w=1'[sql code here]
/comments.php?id=1"[sql code here]

It is also reported that 'auth.php' allows SQL injection via POST commands. Some demonstration exploit examples are provided:

POST /auth.php?m=register&a=add HTTP/1.1

Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 123

rusername="[sql code here]&remail=scanner@ptsecurity.com&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&

POST /auth.php?m=register&a=add HTTP/1.1

Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 102

rusername=1&remail="[sql code here]&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&x=1&rcountry=1
;

It is also reported that a remote user can supply the following type of URL to determine the installation path:

/plug.php?h=1'

Impact: A remote user can inject SQL commands to be executed by the underlying database.

A remote user can determine the installation path.

Solution: The vendor has issued a patch for version 701, available at:

http://www.neocrome.net/index.php?msingle&id91

Vendor URL: www.neocrome.net/index.php?msingle&id91 (Links to External Site)

Cause: Exception handling error, Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC