Written by x0r and the vendor
Friday, 20 February 2009 20:31
Online Grades Login Parameters SQL Injection Vulnerabilities
-\\Bugtraq ID: 33576
-\\Class: Input Validation Error
-\\CVE: CVE-2009-0479 CVE-2009-0452
-\\Remote: Yes
-\\Local: No
-\\Published: Feb 03 2009 12:00AM
-\\Updated: Feb 20 2009 04:27PM
-\\Credit: x0r and the vendor.
-\\Vulnerable: Online Grades Online Grades 3.2.4
-\\Not Vulnerable: Online Grades Online Grades 3.2.5, Online Grades Online Grades 3.2.4 1
-\\Discussion: Online Grades is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Online Grades 3.2.4 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s): Attackers can use a browser to exploit these issues.
The following example value is available:
Email: [validemail] ' or ' 1=1--
-\\Solution: The vendor has released updates. Please see the references for more information.
-\\Reference(s):
--Online Grades Homepage http://www.onlinegrades.org (Online Grades)
--OnlineGrades 3.2.5 Released http://onlinegrades.org/onlinegrades_325_release (Online Grades)
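
The class of flaw described in the Discussion, shown as an added example that is not Online Grades code or the vendor's patch: a login lookup built by string concatenation beside the same lookup with bound parameters. The schema, the account, the function names and the use of SQLite are assumptions made for illustration; the application's real query is not shown on this page.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; real systems use a random per-user salt

def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db() -> sqlite3.Connection:
    # Hypothetical schema and account, constructed for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)")
    db.execute("INSERT INTO users (email, pw_hash) VALUES (?, ?)",
               ("teacher@example.org", pw_hash("correct horse")))
    return db

def login_concatenated(db, email, password):
    # Weak pattern: the e-mail value becomes part of the SQL text, so a quote
    # inside it ends the string literal and the remainder is parsed as SQL.
    sql = ("SELECT id FROM users WHERE email = '" + email
           + "' AND pw_hash = '" + pw_hash(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, email, password):
    # Hardened pattern: the value is bound as data and never parsed as SQL;
    # the hash comparison happens in constant time outside the query.
    candidate = pw_hash(password)
    row = db.execute("SELECT id, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row and hmac.compare_digest(row[1], candidate):
        return row[0]
    return None

def compare_logins():
    db = make_db()
    # The page's example value appended to the constructed valid address.
    crafted = "teacher@example.org" + "' or ' 1=1--"
    return {
        "concatenated_wrong_password": login_concatenated(db, crafted, "wrong"),
        "parameterized_wrong_password": login_parameterized(db, crafted, "wrong"),
        "parameterized_correct_login": login_parameterized(db, "teacher@example.org", "correct horse"),
    }

if __name__ == "__main__":
    print(compare_logins())
```

The concatenated lookup returns the account id although the password is wrong, while the parameterized lookup returns nothing for the same input and still accepts the legitimate login.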