SQL injections in FreeTicket

2010.12.03
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Subject: [eVuln.com] SQL injections in FreeTicket New eVuln Advisory: SQL injections in FreeTicket Summary: http://evuln.com/vulns/146/summary.html Details: http://evuln.com/vulns/146/description.html -----------Summary----------- eVuln ID: EV0146 Software: FreeTicket Vendor: Mrcgiguy Version: 1.0.0 Critical Level: medium Type: SQL injection Status: Unpatched. No reply from developer(s) PoC: Available Solution: Not available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- 1. 'id' SQL injection Vulnerability found in contact.php script. User-defined variable id is not properly sanitized before being used in SQL query. This can be used to execute arbitrary SQL query. 2. 'email' SQL injection Vulnerable script is contact.php script. 'email' parameter is not properly sanitized before being used in SQL query. --------PoC/Exploit-------- PoC code is available at: http://evuln.com/vulns/146/exploit.html ---------Solution---------- Not available ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/xss/bbcode.html - recent XSS in bbcode

References:

http://www.securityfocus.com/bid/45053
http://www.securityfocus.com/archive/1/archive/1/514890/100/0/threaded
http://www.osvdb.org/69488
http://secunia.com/advisories/42313
http://packetstormsecurity.org/files/view/96138/freeticket-sql.txt
http://evuln.com/vulns/146/summary.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top