Land Down Under Input Validation Hole in 'c' Parameter Permits SQL Injection Attacks
SecurityTracker Alert ID: 1014811
SecurityTracker URL: http://securitytracker.com/id/1014811
Date: Aug 29 2005
Disclosure of system information, Disclosure of user information, User access via network
Exploit Included: Yes
Version(s): 801 and prior versions
A vulnerability was reported in Land Down Under. A remote user can inject SQL commands.
The software does not properly validate user-supplied input. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.
Some demonstration exploit URLs are provided:
matrix_killer of h4cky0u Security Forums discovered this vulnerability.
A remote user can execute SQL commands on the underlying database.
No solution was available at the time of this entry.
Vendor URL: ldu.neocrome.net/
Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
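Because no fix was available when this entry was written, reviewing web server logs for requests whose `c` parameter is not a plain identifier is one way to spot probing. The Python below is an added example, not part of the advisory or of Land Down Under; the allow-list pattern for `c`, the script path `list.php` and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate values of `c` are short alphanumeric codes.
SAFE_C = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_c_values(target):
    """Return the values of `c` in a request target that fail the allow-list."""
    bad = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != "c":
            continue
        # parse_qsl decodes once; decode again to catch double encoding
        # (%2527 -> %27 -> ').
        decoded = unquote(value)
        if not SAFE_C.fullmatch(decoded):
            bad.append(decoded)
    return bad

def scan(lines):
    """Yield (line_number, client, bad_values) for log lines worth reviewing."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        bad = suspicious_c_values(match.group(1))
        if bad:
            yield number, line.split(" ", 1)[0], bad

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Aug/2005:10:00:01 +0000] "GET /list.php?c=news HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Aug/2005:10:00:05 +0000] "GET /list.php?c=news%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [29/Aug/2005:10:00:09 +0000] "GET /list.php?c=news%2527&s=title HTTP/1.1" 200 312',
    '192.0.2.44 - - [29/Aug/2005:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, client, bad in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent c={bad!r}")
```

The same allow-list can be enforced in front of the application (for example in a reverse proxy rule) until the input is validated in the code itself.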
Source Message Contents
Subject: [Full-disclosure] Land Down Under 801 And Prior Multiple SQL
Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
Land Down Under version 801 and prior
Support Website : http://www.neocrome.net
Land Down Under is a multiple portal system which includes many
different options like forum, statistic, site map, article menu and
many more. The portal is powered by PHP and MySQL.
The portal system is vulnerable to various sql injection attacks, here
are some examples:
The vendor was contacted using the contacts link on the main page.
No response received till date.
This vulnerability was discovered and researched by -
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Greets to all omega-team members
(In)Security at its best...