Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Forum/Board/Portal)  >   Net Portal Dynamic System (NPDS) Vendors:
NPDS Input Validation Holes in 'comments.php' and 'pollcomments.php' Permit SQL Injection
SecurityTracker Alert ID:  1013973
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 16 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   Romano, Benjilenoob, and NoSP reported several input validation vulnerabilities in NPDS. A remote user can inject SQL commands.

The 'comments.php' and 'pollcomments.php' scripts do not properly validate user-supplied input in the 'thold' parameter. A remote user can supply specially crafted parameter values to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:





Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   The vendor has issued a fix (using the new 'protect_url.php' file), described at:

Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  SQL injection in NPDS

Category:  Application (Multimedia)  >  CMS-NPDS  	


Title : Inject SQL command in pollcomments.php & comments.php

Date:  May 15 2005

Impact:  Disclosure of authentication information, Disclosure of user 
information, ...

Fix Available:  Yes    

Solution : use protect_url.php (see for more details)

Description : Romano, Benjilenoob and NoSP reported several vulnerabilities in 
NPDS. A remote user can inject SQL commands in $thold variable from 
comments.php or pollcomments.php.     
The scripts does not properly filter user-supplied $thold variable.
Some demonstration exploit URLs are provided:

Disclosure login/pass admin

Diclosure login/pass members

Disclosure login/pass admin

Diclosure login/pass members

Reported By:  "Romano" <romano_45 AT hotmail_DOT_com, "NoSP" <NoSP AT 
thehackademy DOT net> "Benjilenoob" <benjilenoob AT hotmail DOT com>

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC