Written by x0r
Wednesday, 04 March 2009 22:12
Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
Input Validation Error
Mar 02 2009 12:00AM
Mar 04 2009 06:36PM
Graugon PHP Article Publisher 1.0
Graugon PHP Article Publisher is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The application is also prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Exploiting the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The attacker can leverage the authentication-bypass vulnerability to gain administrative access to the affected application.
Graugon PHP Article Publisher 1.0 is vulnerable; other versions may also be affected.
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/path/?c=1 union select 0,0,0,concat(id,password,email),0,0 from p_settings
http://www.example.com/path/view.php?id=1 union select 0,0,0,concat(id,password,email),0,0 from p_settings
The following data is also available:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at:
--PHP Article Publisher Homepage