|
Feeds -
Exploits
|
|
Written by x0r
|
|
Wednesday, 04 March 2009 22:12 |
Graugon PHP Article Publisher SQL Injection and Cookie Authentication Bypass Vulnerabilities
-\\Bugtraq ID:
33952
-\\Class:
Input Validation Error
-\\CVE:
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Mar 02 2009 12:00AM
-\\Updated:
Mar 04 2009 06:36PM
-\\Credit:
x0r
-\\Vulnerable:
Graugon PHP Article Publisher 1.0
-\\Discussion
Graugon PHP Article Publisher is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The application is also prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
Exploiting the SQL-injection issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The attacker can leverage the authentication-bypass vulnerability to gain administrative access to the affected application.
Graugon PHP Article Publisher 1.0 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s):
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/path/?c=1 union select 0,0,0,concat(id,password,email),0,0 from p_settings
http://www.example.com/path/view.php?id=1 union select 0,0,0,concat(id,password,email),0,0 from p_settings
The following data is also available:
javascript:document.cookie ="g_admin=1; path=/"
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--PHP Article Publisher Homepage
http://www.hotscripts.com/listing/php-article-publisher (Graugon)
|
