Koobi poll_id SQL Injection Vulnerability - Security


Editor Login \| Register		Ekle

> World > Security

Koobi poll_id SQL Injection Vulnerability - Security - World -

CWRedLight

(Date : 17.04.2008 20:39:27)

Koobi poll_id SQL Injection Vulnerability

Secunia Advisory:	SA29789
Release Date:	2008-04-17

Critical:	Moderately critical
Impact:	Manipulation of data
Where:	From remote
Solution Status:	Unpatched

Software:	dream4 Koobi 6.x

Description:
S@BUN has reported a vulnerability in Koobi, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "poll_id" parameter in index.php (e.g. if "p" is set to "poll" and "showresult" is set to "1") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability in reported in version 6.25 Pro. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
S@BUN

Original Advisory:
http://milw0rm.com/exploits/5448

Derecelendir

Kaynak

http://secunia.com/advisories/29789/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS