Dating Club age_to SQL Injection Vulnerability - Security


Editor Login \| Register		Ekle

> World > Security

Dating Club age_to SQL Injection Vulnerability - Security - World -

CWRedLight

(Date : 15.04.2008 16:52:10)

Dating Club age_to SQL Injection Vulnerability

Secunia Advisory:	SA29815
Release Date:	2008-04-15

Critical:	Moderately critical
Impact:	Manipulation of data
Where:	From remote
Solution Status:	Unpatched

Software:	Dating Club 5.x

Description:
The-0utl4w has reported a vulnerability in Dating Club, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the parameter "age_to" in browse.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
The-0utl4w

Original Advisory:
http://forum.aria-security.com/showthread.php?p=70

Derecelendir

Kaynak

http://secunia.com/advisories/29815/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS