CounterChaos <= 0.48c SQL Injection Vulnerability

2006.08.10
Credit: Tamriel
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: CounterChaos <= 0.48c SQL Injection Vulnerability Release Date: 2006/08/04 Last Modified: 2006/08/03 Author: Tamriel [tamriel at gmx dot net] Application: CounterChaos <= 0.48c Risk: Moderate Vendor Status: not contacted Vendor Site: www.chaossoft.de Overview: Quote from www.chaossoft.de: "CounterChaos ist ein flexibler Onlinecounter fuer Ihre Homepage. Er ist klein und kompakt in PHP geschrieben und benutzt eine mySQL-Datenbank, um die Daten abzuspeichern." Details: SQL Injection Vulnerabilities in counterchaos.php (arround line 35-45) ... $referer= $_SERVER["HTTP_REFERER"]; $referer=strtolower($referer); ... // Ohne www auch nicht gefunden => im Original speichern mysql_query("INSERT INTO $tabellerefi SET monat='$akt_monat', jahr='$akt_jahr', refi='$referer', treffer='1'") or die(mysql_error()); } ... Here an attacker can fake his http referer and so inject his own sql queries (magic quotes must be off). Solution: Take a view on PHP's ysql_real_escape_string function. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFE0oOZqBhP+Twks7oRAmN9AJ9u9URtocwWhMN0kQsje+7BqVSqnwCfabUw GnCv00gAbRXLTmgDXdwF2CA= =emSG -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top