Mieric AddressBook 1.0 SQL Injection

2012.08.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

----------------------------------------------------- mieric addressBook 1.0 <= SQL Injection Vulnerability ----------------------------------------------------- Discovered by: Jean Pascal Pereira <pereira@secbiz.de> Vendor information: "MieRic address book is wrote in PERL and holds data via a MYSQL database. Users can add multiple EMAIL, ADDRESS, PHONE, CONTACTS, IMAGE AVATAR and PGP keys as they want. The addressBook is password protected using encrypted cookies using Blowfish encrypt." Vendor URI: http://sourceforge.net/projects/mieric/ ---------------------------------------------------- Risk-level: High The application is prone to a SQL injection vulnerability. ---------------------------------------------------- no.pl, line 256: if($type eq 'bio_action') { $last = $input{'last'}; $first = $input{'first'}; $avatar = $input{'avatar'}; $age = $input{'age'}; $bio = $input{'bio'}; $web = $input{'address'}; $web1 = $input{'address1'}; $sub_action = $input{'sub_action'}; # $sql = "INSERT INTO email_rollo (id,email,location) VALUES ('$command','$email','$location')"; #UPDATE `phone_rollo` SET `p1` = '243' WHERE `id` = '1' AND `p1` = '242' AND `p2` = '3118' AND `area` = '573' AND `location` = 'country' LIMIT 1 ; # $email =~ s/\@/\\@/; if($sub_action eq 'update'){ $sql = "UPDATE stoli SET last = '$last', first = '$first', avatar='$avatar', bday='$age', bio='$bio', web='$web', web1='$web1' WHERE id = '$command'"; # executing the SQL statement. $sth = $dbh->prepare($sql) or die "preparing: ",$dbh->errstr; $sth->execute or die "executing: ", $dbh->errstr; ---------------------------------------------------- Solution: Do some input validation. ----------------------------------------------------

References:

http://sourceforge.net/projects/mieric/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top