netVigilance Security Advisory #42 Fa Name version 1.0 SQL Injection Vulnerability Description: Fa Name (http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html) is useful portal (CMS) for .name websites. You can have a simple portal but useful one for you domain names and by useing this portal you can show your complete information like photo, identification , projects and history to the others. Successful exploitation requires PHP magic_quotes_gpc set to Off on the server. (default is magic_quotes_gpc = On) External References: Mitre CVE: CVE-2007-3652 NVD NIST: CVE-2007-3652 Summary: Fa Name is useful portal (CMS) for .name websites. A security problem in the product allows attackers to commit SQL injection. Advisory URL: http://www.netvigilance.com/advisory0042 Release Date: June 30th 2008 CVSS Version 2 Metrics: Base Metrics: Exploitability Metrics: Access Vector: Network Access Complexity: Medium Authentication: None Impact Metrics: Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial Temporal Metrics: Exploitability: Functional Remediation Level: Workaround Report Confidence: Uncorroborated CVSS Version 2 Vectors: Base Vector: �AV:N/AC:M/Au:N/C:P/I:P/A:P� Temporal Vector: �E:F/RL:W/RC:UR� CVSS Version 2 Scores: Base Score: 6.8 Impact Subscore: 6.4 Exploitability Subscore: 6.8 Temporal Score: 5.8 SecureScout Testcase ID: TC 17972 Vulnerable Systems: Fa Name version 1.0 Vulnerability Type: SQL injection allows malicious people to execute their own SQL scripts. This could be exploited to obtain sensitive data, modify database contents or acquire administrator�s privileges. Vendor: FaScript Vendor Status: The Vendor has been notified on July 7th 2007, but did not respond. Workaround: In the php.ini file set magic_quotes_gpc = On. Example: REQUEST: http://[TARGET]/[FANAME-DIRECTORY]/class/page.php?id=-1' UNION SELECT 1,1,1,`name` FROM `portal`%23 Credits: Jesper Jurcenoks Co-founder netVigilance, Inc www.netvigilance.com