JGS-Portal ID Variable SQL Injection Vulnerability
BID:13451
Info
| Bugtraq ID: | 13451 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 30 2005 12:00AM |
| Updated: | Apr 30 2005 12:00AM |
| Credit: | Discovery is credited to <[email protected]>. |
| Vulnerable: | JGS-XA Support JGS-Portal 3.0.1 |
| Not Vulnerable: | JGS-XA Support JGS-Portal 3.0.2 |
Discussion
JGS-Portal is prone to an SQL injection vulnerability. This issue may be exploited to compromise the software or gain unauthorized access to the database.
The consequences of exploitation will depend on the nature of the vulnerable SQL query and the capabilities of the underlying database implementation.
Exploit / POC
The following example was provided:
http://www.example.com/jgs_portal.php?id='SQL_here
Solution / Fix
Solution:
The vendor has addressed this issue in JGS-Portal version 3.0.2.
JGS-XA Support JGS-Portal 3.0.1
- JGS-XA Support JGS-Portal 3.0.2
http://www.jgs-xa.de/thread.php?threadid=1515&sid=