FusionZONE CouponZONE Multiple SQL Injection Vulnerabilities
BID: 17274
Info
| Bugtraq ID: | 17274 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2006 12:00AM |
| Updated: | Mar 28 2006 09:33PM |
| Credit: | rakstija r0t is credited with the discovery of these vulnerabilities. |
| Vulnerable: | fusionZONE couponZONE 4.2 |
| Not Vulnerable: | |
Discussion
The couponZONE application is prone to multiple SQL-injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input (query-string parameters of local.cfm) before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Version 4.2 of couponZONE is reported vulnerable. Other versions may be affected as well.
Exploit / POC
These issues can be exploited through a web client.
The following proof-of-concept examples are available; [SQL] marks the parameter into which attacker-controlled SQL is injected:
http://www.example.com/local.cfm?redir=listings&srchby=&companyid=[SQL]
http://www.example.com/local.cfm?redir=listings&srchby=ct&cat=&scat=[SQL]
http://www.example.com/local.cfm?redir=adv_details&coid=[SQL]
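The following is an added example, not code from couponZONE or from the original advisory. It models in Python, against an in-memory SQLite database with constructed rows, the two query contexts the proof-of-concept URLs above point at: a numeric parameter (companyid, coid) pasted directly into the SQL text, and a string parameter (scat) pasted inside single quotes. The table name, columns and sample rows are assumptions for illustration; the advisory does not describe the real schema. Each vulnerable builder is paired with the parameterized form that defeats the same payloads.

```python
import sqlite3

# Constructed sample data for this example. The table name, columns and
# rows are assumptions; the advisory does not describe couponZONE's schema.
SAMPLE_COMPANIES = [
    # companyid, name, subcategory, published
    (1, "Acme Pizza", "food", 1),
    (2, "Beta Books", "retail", 1),
    (3, "Hidden Vendor", "food", 0),  # unpublished row users should never see
]


def _connect() -> sqlite3.Connection:
    """Fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE company (companyid INTEGER, name TEXT, "
        "subcategory TEXT, published INTEGER)"
    )
    conn.executemany("INSERT INTO company VALUES (?, ?, ?, ?)", SAMPLE_COMPANIES)
    return conn


def listings_vulnerable(companyid: str) -> list:
    """Models local.cfm?redir=listings&companyid=[SQL]: the raw query-string
    value is concatenated into the SQL text, so it is parsed as SQL, not data.
    A payload such as '1 OR 1=1' widens the WHERE clause to every row."""
    conn = _connect()
    sql = ("SELECT companyid, name FROM company "
           f"WHERE published = 1 AND companyid = {companyid}")
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


def category_vulnerable(scat: str) -> list:
    """Models local.cfm?redir=listings&srchby=ct&scat=[SQL]: the value sits
    inside single quotes, so a payload first closes the quote, then injects
    (e.g. x' OR '1'='1)."""
    conn = _connect()
    sql = ("SELECT companyid, name FROM company "
           f"WHERE published = 1 AND subcategory = '{scat}'")
    try:
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


def listings_fixed(companyid: str) -> list:
    """Hardened numeric lookup: validate the type, then bind the value as a
    parameter. The driver passes the value separately from the SQL text, so
    it can never change the query's structure."""
    cid = int(companyid)  # raises ValueError for '1 OR 1=1' and similar input
    conn = _connect()
    sql = "SELECT companyid, name FROM company WHERE published = 1 AND companyid = ?"
    try:
        return conn.execute(sql, (cid,)).fetchall()
    finally:
        conn.close()


def category_fixed(scat: str) -> list:
    """Hardened string lookup: no quoting by hand, the placeholder handles it,
    so a quote in the input is just a character inside the compared value."""
    conn = _connect()
    sql = "SELECT companyid, name FROM company WHERE published = 1 AND subcategory = ?"
    try:
        return conn.execute(sql, (scat,)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    print("legit:", listings_vulnerable("1"))
    print("tautology:", listings_vulnerable("1 OR 1=1"))    # all rows, unpublished included
    print("quote breakout:", category_vulnerable("x' OR '1'='1"))
    print("bound:", category_fixed("x' OR '1'='1"))          # []
```

The vulnerable builders leak the unpublished row because the injected OR applies after the AND, exactly the "access data" outcome the advisory describes. couponZONE is ColdFusion (local.cfm); the equivalent of the parameterized calls there is to wrap each value in a <cfqueryparam> tag with a matching cfsqltype instead of interpolating it into the <cfquery> body.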
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Until a vendor fix is available, the standard mitigation for ColdFusion code such as local.cfm is to bind every query-string value (companyid, cat, scat, coid) with a <cfqueryparam> tag of the appropriate cfsqltype rather than interpolating it into the query text, and to reject non-numeric values for the numeric identifiers.
References
References:
- couponZONE Product Page (fusionZONE)
- couponZONE v.4.2 Multiple vuln. (rakstija r0t)