PerlDesk SQL Injection Vulnerability
BID:12471
Info
| Bugtraq ID: | 12471 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2005 12:00AM |
| Updated: | Feb 07 2005 12:00AM |
| Credit: | Discovery of the vulnerability is credited to deluxe89 and Astovidatu <www.security-project.org>. |
| Vulnerable: | logicNow PerlDesk 1.0; logicNow PerlDesk 0 |
| Not Vulnerable: | logicNow PerlDesk 2.0 |
Discussion
PerlDesk is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in compromise of the application or disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
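The flaw class described above, shown as an added example that is not PerlDesk's code: a Python/sqlite3 model of a `view` lookup built by string concatenation, next to a version that allow-lists the value and binds it as a parameter. The input is the proof-of-concept value listed on this page; the `kb` table, its six columns and the function names are assumptions made for illustration.

```python
import re
import sqlite3

# Proof-of-concept value for the `view` parameter, copied from this page.
POC_VIEW = "0 UNION SELECT 1,3,password,username,3,7 FROM users"

def build_db():
    """Constructed stand-in database. Only `users`, `username` and `password`
    appear on the page; the `kb` table and its six columns are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE kb (id INTEGER PRIMARY KEY, category INTEGER, subject TEXT,
                         body TEXT, views INTEGER, author INTEGER);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO kb VALUES (1, 2, 'Resetting a password', 'Use the form.', 10, 1);
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db

def view_article_unsafe(db, view):
    """Flawed pattern: the request value becomes part of the SQL text."""
    return db.execute("SELECT * FROM kb WHERE id = " + view).fetchall()

def view_article_safe(db, view):
    """Allow-list the id as decimal digits, then pass it as a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", view):
        raise ValueError("view must be a numeric article id")
    return db.execute("SELECT * FROM kb WHERE id = ?", (int(view),)).fetchall()

def demo():
    db = build_db()
    leaked = view_article_unsafe(db, POC_VIEW)   # rows now come from `users`
    try:
        view_article_safe(db, POC_VIEW)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected, view_article_safe(db, "1")

if __name__ == "__main__":
    leaked, rejected, normal = demo()
    print("unsafe query returned:", leaked)
    print("safe query rejected PoC value:", rejected)
    print("safe query for view=1:", normal)
```

The validation step alone would stop this particular input; binding the value keeps the query structure fixed even if a later change loosens the check.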
Exploit / POC
The following proof of concept is available:
http://www.example.com/dir/kb.cgi?view=0 UNION SELECT 1,3,password,username,3,7 FROM users
The following exploit has been supplied by the discoverer of the vulnerability:
Solution / Fix
Solution:
It is reported that PerlDesk version 2.0 is not susceptible to this vulnerability.
logicNow PerlDesk 0
- logicNow PerlDesk Latest: http://www.perldesk.com/helpdesk.0.html
logicNow PerlDesk 1.0
- logicNow PerlDesk Latest: http://www.perldesk.com/helpdesk.0.html
References
References:
- PerlDesk Home Page (logicNow)
- [SePro Bugtraq] SQL-Injection in PerlDesk 1.x (security-project.org)