Rae Media Real Estate Multi Agent SQL Injection Vulnerability

2011.02.17
Credit: R4dc0re
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Source: http://www.securityfocus.com/bid/45212/discuss

Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Multi Agent System 3.0 is vulnerable; other versions may also be affected.

Attackers can use a browser to exploit this issue. The following example URI is available:

http://www.example.com/multi/city.asp?probe=[Code]
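For defenders reviewing web server logs for this issue, the following added example (not part of the original advisory or the vendor's code) flags requests to the advisory's `city.asp` path whose `probe` value falls outside an allow-list, including double-encoded values. The allow-list pattern, the IIS W3C field layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Assumption: legitimate probe values are short tokens of letters, digits,
# spaces, dots and hyphens. Adjust to what the application really accepts.
SAFE_PROBE = re.compile(r"[A-Za-z0-9 .\-]{1,64}")
TARGET_STEM = "/multi/city.asp"  # path taken from the advisory's example URI

# Constructed IIS W3C extended log sample (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-02-17 10:01:12 192.0.2.10 GET /multi/city.asp probe=Austin 200
2011-02-17 10:01:15 192.0.2.44 GET /multi/city.asp probe=Austin%27 500
2011-02-17 10:01:19 192.0.2.44 GET /multi/city.asp probe=Austin%2527%3B 200
2011-02-17 10:02:03 192.0.2.10 GET /multi/default.asp - 200
2011-02-17 10:02:40 192.0.2.51 GET /MULTI/City.asp PROBE=San+Jose 200
"""

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%2527) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_probe_requests(log_text):
    """Return (c-ip, decoded probe, status) for values outside the allow-list."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != TARGET_STEM:
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for name, values in query.items():
            if name.lower() != "probe":  # ASP parameter names are case-insensitive
                continue
            for raw in values:
                value = decode_fully(raw)
                if not SAFE_PROBE.fullmatch(value):
                    hits.append((row["c-ip"], value, row["sc-status"]))
    return hits
```

A 500 status next to a flagged value suggests the input reached the query and broke it; the durable fix remains parameterized queries in the application itself.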

References:

http://www.securityfocus.com/bid/45212
http://www.securityfocus.com/bid/45211
http://secunia.com/advisories/42515
http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt
http://osvdb.org/69628
http://osvdb.org/69627


Copyright 2024, cxsecurity.com